Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-0494 (GCVE-0-2022-0494)
Vulnerability from cvelistv5 – Published: 2022-03-25 18:03 – Updated: 2024-08-02 23:32
VLAI?
EPSS
Summary
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039448"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lore.kernel.org/all/20220216084038.15635-1-tcs.kernel%40gmail.com/"
},
{
"name": "DSA-5161",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5161"
},
{
"name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
},
{
"name": "DSA-5173",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5173"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "kernel 5.17 rc5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T10:07:48.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039448"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lore.kernel.org/all/20220216084038.15635-1-tcs.kernel%40gmail.com/"
},
{
"name": "DSA-5161",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5161"
},
{
"name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
},
{
"name": "DSA-5173",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5173"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-0494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel 5.17 rc5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2039448",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039448"
},
{
"name": "https://lore.kernel.org/all/20220216084038.15635-1-tcs.kernel@gmail.com/",
"refsource": "MISC",
"url": "https://lore.kernel.org/all/20220216084038.15635-1-tcs.kernel@gmail.com/"
},
{
"name": "DSA-5161",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5161"
},
{
"name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
},
{
"name": "DSA-5173",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5173"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0494",
"datePublished": "2022-03-25T18:03:05.000Z",
"dateReserved": "2022-02-04T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:46.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2023-AVI-0220
Vulnerability from certfr_avis - Published: 2023-03-14 - Updated: 2023-03-14
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SINEC NMS | ||
| Siemens | N/A | De nombreuses références SCALANCE et SIPROTEC (se référer aux bulletins de sécurité de l'éditeur pour les versions affectées) | ||
| Siemens | N/A | RUGGEDCOM CROSSBOW versions antérieures à V5.3 | ||
| Siemens | N/A | Mendix SAML (Mendix 9 compatible, New Track) versions 3.1.9 à 3.2.x antérieures à V3.3.0 | ||
| Siemens | N/A | Mendix SAML (Mendix 7 compatible) versions antérieures à V1.17.3 | ||
| Siemens | N/A | Mendix SAML (Mendix 8 compatible) versions antérieures à V2.3.0 | ||
| Siemens | N/A | SINEMA Server V14 | ||
| Siemens | N/A | Mendix SAML (Mendix 9 compatible, Upgrade Track) versions 3.1.9 à 3.2.x antérieures à V3.3.0 | ||
| Siemens | N/A | RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) et NAM (6GK6108-4AM00-2DA2) versions antérieures à V7.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SINEC NMS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "De nombreuses r\u00e9f\u00e9rences SCALANCE et SIPROTEC (se r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour les versions affect\u00e9es)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM CROSSBOW versions ant\u00e9rieures \u00e0 V5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix SAML (Mendix 9 compatible, New Track) versions 3.1.9 \u00e0 3.2.x ant\u00e9rieures \u00e0 V3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix SAML (Mendix 7 compatible) versions ant\u00e9rieures \u00e0 V1.17.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix SAML (Mendix 8 compatible) versions ant\u00e9rieures \u00e0 V2.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Server V14",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix SAML (Mendix 9 compatible, Upgrade Track) versions 3.1.9 \u00e0 3.2.x ant\u00e9rieures \u00e0 V3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) et NAM (6GK6108-4AM00-2DA2) versions ant\u00e9rieures \u00e0 V7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2019-1125",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1125"
},
{
"name": "CVE-2021-42384",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42384"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2021-42378",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42378"
},
{
"name": "CVE-2022-30594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30594"
},
{
"name": "CVE-2021-42382",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42382"
},
{
"name": "CVE-2021-42376",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42376"
},
{
"name": "CVE-2022-24282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24282"
},
{
"name": "CVE-2019-1071",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1071"
},
{
"name": "CVE-2022-28356",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28356"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2018-12886",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12886"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-32296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32296"
},
{
"name": "CVE-2022-2380",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2380"
},
{
"name": "CVE-2021-42373",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42373"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2021-42377",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42377"
},
{
"name": "CVE-2022-1652",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1652"
},
{
"name": "CVE-2022-24281",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24281"
},
{
"name": "CVE-2022-23037",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23037"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2022-23395",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23395"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2022-23042",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23042"
},
{
"name": "CVE-2023-25957",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25957"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2021-42386",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42386"
},
{
"name": "CVE-2022-2639",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2639"
},
{
"name": "CVE-2021-42380",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42380"
},
{
"name": "CVE-2022-38767",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38767"
},
{
"name": "CVE-2021-42374",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42374"
},
{
"name": "CVE-2022-23036",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23036"
},
{
"name": "CVE-2022-0002",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0002"
},
{
"name": "CVE-2023-27462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27462"
},
{
"name": "CVE-2022-1016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1016"
},
{
"name": "CVE-2022-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1975"
},
{
"name": "CVE-2022-23038",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23038"
},
{
"name": "CVE-2023-27309",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27309"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0494"
},
{
"name": "CVE-2021-42379",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42379"
},
{
"name": "CVE-2022-23039",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23039"
},
{
"name": "CVE-2021-42381",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42381"
},
{
"name": "CVE-2022-23040",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23040"
},
{
"name": "CVE-2022-1304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1304"
},
{
"name": "CVE-2022-1011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1011"
},
{
"name": "CVE-2021-26401",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26401"
},
{
"name": "CVE-2022-0547",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0547"
},
{
"name": "CVE-2021-42383",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42383"
},
{
"name": "CVE-2022-23041",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23041"
},
{
"name": "CVE-2022-1734",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1734"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2022-32981",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32981"
},
{
"name": "CVE-2022-26490",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26490"
},
{
"name": "CVE-2022-36946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36946"
},
{
"name": "CVE-2022-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0001"
},
{
"name": "CVE-2021-42385",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42385"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2022-36879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36879"
},
{
"name": "CVE-2022-1353",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1353"
},
{
"name": "CVE-2022-2588",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2588"
},
{
"name": "CVE-2019-1073",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1073"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2022-1729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
},
{
"name": "CVE-2021-4149",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4149"
},
{
"name": "CVE-2017-5715",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
},
{
"name": "CVE-2022-1199",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1199"
},
{
"name": "CVE-2021-42375",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42375"
},
{
"name": "CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"name": "CVE-2022-28390",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28390"
},
{
"name": "CVE-2022-33981",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33981"
},
{
"name": "CVE-2022-1974",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1974"
},
{
"name": "CVE-2023-27310",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27310"
},
{
"name": "CVE-2022-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30065"
},
{
"name": "CVE-2022-25311",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25311"
},
{
"name": "CVE-2022-1516",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1516"
},
{
"name": "CVE-2023-27463",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27463"
},
{
"name": "CVE-2022-1198",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1198"
},
{
"name": "CVE-2022-20158",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20158"
}
],
"initial_release_date": "2023-03-14T00:00:00",
"last_revision_date": "2023-03-14T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0220",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-419740 du 14 mars 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-419740.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-320629 du 14 mars 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-320629.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-250085 du 14 mars 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-250085.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-203374 du 14 mars 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-203374.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-851884 du 14 mars 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-851884.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-565386 du 14 mars 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-565386.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-260625 du 14 mars 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-260625.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-726834 du 14 mars 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-726834.html"
}
]
}
CERTFR-2022-AVI-670
Vulnerability from certfr_avis - Published: 2022-07-22 - Updated: 2022-07-22
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3-BCL | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Legacy Software 15-SP4 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.3 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.4 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP1 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP1 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP4 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP4 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.3 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Development Tools 15-SP4 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP1 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP3 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Basesystem 15-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Availability 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Legacy Software 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.3",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP2",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP3",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Development Tools 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP1",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Basesystem 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-30594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30594"
},
{
"name": "CVE-2021-44879",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44879"
},
{
"name": "CVE-2022-1116",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1116"
},
{
"name": "CVE-2022-21127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21127"
},
{
"name": "CVE-2022-1652",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1652"
},
{
"name": "CVE-2022-20132",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20132"
},
{
"name": "CVE-2022-29900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29900"
},
{
"name": "CVE-2022-29901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29901"
},
{
"name": "CVE-2017-16525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16525"
},
{
"name": "CVE-2022-21166",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21166"
},
{
"name": "CVE-2022-1651",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1651"
},
{
"name": "CVE-2022-33741",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33741"
},
{
"name": "CVE-2022-1016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1016"
},
{
"name": "CVE-2022-33742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33742"
},
{
"name": "CVE-2022-34918",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34918"
},
{
"name": "CVE-2022-20154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20154"
},
{
"name": "CVE-2022-1998",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1998"
},
{
"name": "CVE-2022-21499",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21499"
},
{
"name": "CVE-2022-1462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1462"
},
{
"name": "CVE-2022-33740",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33740"
},
{
"name": "CVE-2022-21125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21125"
},
{
"name": "CVE-2022-1184",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1184"
},
{
"name": "CVE-2021-4157",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4157"
},
{
"name": "CVE-2021-45402",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45402"
},
{
"name": "CVE-2022-0264",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0264"
},
{
"name": "CVE-2022-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1972"
},
{
"name": "CVE-2022-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0494"
},
{
"name": "CVE-2021-33061",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33061"
},
{
"name": "CVE-2022-1966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1966"
},
{
"name": "CVE-2022-21123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21123"
},
{
"name": "CVE-2022-1012",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1012"
},
{
"name": "CVE-2022-1734",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1734"
},
{
"name": "CVE-2022-20141",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20141"
},
{
"name": "CVE-2022-26490",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26490"
},
{
"name": "CVE-2022-2318",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2318"
},
{
"name": "CVE-2021-26341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26341"
},
{
"name": "CVE-2022-1679",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1679"
},
{
"name": "CVE-2022-1671",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1671"
},
{
"name": "CVE-2022-1789",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1789"
},
{
"name": "CVE-2021-4204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4204"
},
{
"name": "CVE-2022-29582",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29582"
},
{
"name": "CVE-2021-39698",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39698"
},
{
"name": "CVE-2022-33743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33743"
},
{
"name": "CVE-2022-1205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1205"
},
{
"name": "CVE-2022-1729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
},
{
"name": "CVE-2022-0617",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0617"
},
{
"name": "CVE-2022-1852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1852"
},
{
"name": "CVE-2022-21180",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21180"
},
{
"name": "CVE-2022-26365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26365"
},
{
"name": "CVE-2022-33981",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33981"
},
{
"name": "CVE-2022-1974",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1974"
},
{
"name": "CVE-2022-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23222"
},
{
"name": "CVE-2022-1198",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1198"
},
{
"name": "CVE-2022-1508",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1508"
}
],
"initial_release_date": "2022-07-22T00:00:00",
"last_revision_date": "2022-07-22T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-670",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20222461-1 du 20 juillet 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222461-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20222482-1 du 21 juillet 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222482-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20222460-1 du 20 juillet 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222460-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20222443-1 du 19 juillet 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222443-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20222520-1 du 21 juillet 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222520-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20222515-1 du 21 juillet 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222515-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20222438-1 du 19 juillet 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222438-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20222516-1 du 21 juillet 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222516-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20222435-1 du 19 juillet 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222435-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20222444-1 du 19 juillet 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222444-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20222478-1 du 21 juillet 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222478-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20222445-1 du 19 juillet 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222445-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20222446-1 du 19 juillet 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222446-1/"
}
]
}
CERTFR-2022-AVI-606
Vulnerability from certfr_avis - Published: 2022-07-04 - Updated: 2022-07-04
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian \"Buster\" versions ant\u00e9rieures \u00e0 4.19.249-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-29581",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29581"
},
{
"name": "CVE-2022-30594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30594"
},
{
"name": "CVE-2022-1195",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1195"
},
{
"name": "CVE-2022-28356",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28356"
},
{
"name": "CVE-2022-32296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32296"
},
{
"name": "CVE-2022-1652",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1652"
},
{
"name": "CVE-2022-21166",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21166"
},
{
"name": "CVE-2022-27666",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27666"
},
{
"name": "CVE-2022-1016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1016"
},
{
"name": "CVE-2022-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1975"
},
{
"name": "CVE-2022-0854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0854"
},
{
"name": "CVE-2022-21125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21125"
},
{
"name": "CVE-2022-1184",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1184"
},
{
"name": "CVE-2022-1048",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1048"
},
{
"name": "CVE-2022-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0494"
},
{
"name": "CVE-2022-0812",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0812"
},
{
"name": "CVE-2022-32250",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32250"
},
{
"name": "CVE-2022-1011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1011"
},
{
"name": "CVE-2022-21123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21123"
},
{
"name": "CVE-2022-1012",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1012"
},
{
"name": "CVE-2022-1734",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1734"
},
{
"name": "CVE-2022-26490",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26490"
},
{
"name": "CVE-2022-1419",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1419"
},
{
"name": "CVE-2022-23960",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23960"
},
{
"name": "CVE-2022-1353",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1353"
},
{
"name": "CVE-2022-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28388"
},
{
"name": "CVE-2022-28389",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28389"
},
{
"name": "CVE-2022-1205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1205"
},
{
"name": "CVE-2022-1729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
},
{
"name": "CVE-2022-1199",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1199"
},
{
"name": "CVE-2022-1204",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1204"
},
{
"name": "CVE-2021-4197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4197"
},
{
"name": "CVE-2022-28390",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28390"
},
{
"name": "CVE-2022-33981",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33981"
},
{
"name": "CVE-2022-1974",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1974"
},
{
"name": "CVE-2022-1516",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1516"
},
{
"name": "CVE-2022-1198",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1198"
},
{
"name": "CVE-2022-2153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2153"
}
],
"initial_release_date": "2022-07-04T00:00:00",
"last_revision_date": "2022-07-04T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-606",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nDebian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Debian dsa-5173 du 03 juillet 2022",
"url": "https://www.debian.org/security/2022/dsa-5173"
}
]
}
CERTFR-2022-AVI-697
Vulnerability from certfr_avis - Published: 2022-08-02 - Updated: 2022-08-02
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.3 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Public Cloud 15-SP4 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP4 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP4 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.3 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Manager Retail Branch Server 4.3",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Public Cloud 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-30594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30594"
},
{
"name": "CVE-2021-44879",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44879"
},
{
"name": "CVE-2022-21127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21127"
},
{
"name": "CVE-2022-1652",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1652"
},
{
"name": "CVE-2022-20132",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20132"
},
{
"name": "CVE-2022-29900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29900"
},
{
"name": "CVE-2022-29901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29901"
},
{
"name": "CVE-2022-21166",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21166"
},
{
"name": "CVE-2022-1651",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1651"
},
{
"name": "CVE-2022-33741",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33741"
},
{
"name": "CVE-2022-1016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1016"
},
{
"name": "CVE-2022-33742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33742"
},
{
"name": "CVE-2022-34918",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34918"
},
{
"name": "CVE-2022-20154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20154"
},
{
"name": "CVE-2022-1998",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1998"
},
{
"name": "CVE-2022-21499",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21499"
},
{
"name": "CVE-2022-33740",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33740"
},
{
"name": "CVE-2022-21125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21125"
},
{
"name": "CVE-2022-1184",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1184"
},
{
"name": "CVE-2021-45402",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45402"
},
{
"name": "CVE-2022-0264",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0264"
},
{
"name": "CVE-2022-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1972"
},
{
"name": "CVE-2022-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0494"
},
{
"name": "CVE-2021-33061",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33061"
},
{
"name": "CVE-2022-1966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1966"
},
{
"name": "CVE-2022-21123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21123"
},
{
"name": "CVE-2022-1012",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1012"
},
{
"name": "CVE-2022-1734",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1734"
},
{
"name": "CVE-2022-26490",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26490"
},
{
"name": "CVE-2022-2318",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2318"
},
{
"name": "CVE-2021-26341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26341"
},
{
"name": "CVE-2022-1679",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1679"
},
{
"name": "CVE-2022-1671",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1671"
},
{
"name": "CVE-2022-1789",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1789"
},
{
"name": "CVE-2021-4204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4204"
},
{
"name": "CVE-2022-29582",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29582"
},
{
"name": "CVE-2022-33743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33743"
},
{
"name": "CVE-2022-1205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1205"
},
{
"name": "CVE-2022-1729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
},
{
"name": "CVE-2022-0617",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0617"
},
{
"name": "CVE-2022-1852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1852"
},
{
"name": "CVE-2022-21180",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21180"
},
{
"name": "CVE-2022-26365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26365"
},
{
"name": "CVE-2022-33981",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33981"
},
{
"name": "CVE-2022-1974",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1974"
},
{
"name": "CVE-2022-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23222"
},
{
"name": "CVE-2022-1198",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1198"
},
{
"name": "CVE-2022-1508",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1508"
}
],
"initial_release_date": "2022-08-02T00:00:00",
"last_revision_date": "2022-08-02T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-697",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20222615-1 du 01 ao\u00fbt 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/"
}
]
}
CERTFR-2023-AVI-0315
Vulnerability from certfr_avis - Published: 2023-04-14 - Updated: 2023-04-14
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité, une atteinte à l'intégrité des données, une atteinte à la confidentialité des données, une élévation de privilèges et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-28328",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28328"
},
{
"name": "CVE-2023-0461",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0461"
},
{
"name": "CVE-2022-1195",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1195"
},
{
"name": "CVE-2023-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
},
{
"name": "CVE-2022-2380",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2380"
},
{
"name": "CVE-2022-47929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47929"
},
{
"name": "CVE-2022-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3628"
},
{
"name": "CVE-2022-42329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42329"
},
{
"name": "CVE-2021-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4203"
},
{
"name": "CVE-2023-23455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
},
{
"name": "CVE-2023-26606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26606"
},
{
"name": "CVE-2022-20132",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20132"
},
{
"name": "CVE-2022-29900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29900"
},
{
"name": "CVE-2022-29901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29901"
},
{
"name": "CVE-2023-0266",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
},
{
"name": "CVE-2022-42895",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42895"
},
{
"name": "CVE-2022-43750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
},
{
"name": "CVE-2022-4662",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4662"
},
{
"name": "CVE-2020-36516",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36516"
},
{
"name": "CVE-2022-3903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3903"
},
{
"name": "CVE-2023-1074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1074"
},
{
"name": "CVE-2022-36280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36280"
},
{
"name": "CVE-2022-41218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
},
{
"name": "CVE-2022-1016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1016"
},
{
"name": "CVE-2022-4382",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4382"
},
{
"name": "CVE-2022-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1975"
},
{
"name": "CVE-2022-39842",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39842"
},
{
"name": "CVE-2022-2196",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2196"
},
{
"name": "CVE-2022-20572",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20572"
},
{
"name": "CVE-2022-41849",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41849"
},
{
"name": "CVE-2022-0487",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0487"
},
{
"name": "CVE-2021-28711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28711"
},
{
"name": "CVE-2022-1462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1462"
},
{
"name": "CVE-2021-28713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28713"
},
{
"name": "CVE-2023-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0210"
},
{
"name": "CVE-2021-3772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3772"
},
{
"name": "CVE-2022-2663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2663"
},
{
"name": "CVE-2021-3659",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3659"
},
{
"name": "CVE-2023-26607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26607"
},
{
"name": "CVE-2022-3649",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3649"
},
{
"name": "CVE-2021-3428",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3428"
},
{
"name": "CVE-2022-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
},
{
"name": "CVE-2022-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0494"
},
{
"name": "CVE-2021-28712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28712"
},
{
"name": "CVE-2023-23559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23559"
},
{
"name": "CVE-2022-39188",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39188"
},
{
"name": "CVE-2022-3111",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3111"
},
{
"name": "CVE-2022-41850",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41850"
},
{
"name": "CVE-2022-3646",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3646"
},
{
"name": "CVE-2022-42328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
},
{
"name": "CVE-2021-26401",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26401"
},
{
"name": "CVE-2021-45868",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45868"
},
{
"name": "CVE-2023-26545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26545"
},
{
"name": "CVE-2021-3669",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3669"
},
{
"name": "CVE-2022-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3640"
},
{
"name": "CVE-2023-1095",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1095"
},
{
"name": "CVE-2023-1118",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1118"
},
{
"name": "CVE-2022-26373",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26373"
},
{
"name": "CVE-2023-0394",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0394"
},
{
"name": "CVE-2022-2318",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2318"
},
{
"name": "CVE-2022-3303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3303"
},
{
"name": "CVE-2022-3424",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3424"
},
{
"name": "CVE-2022-36879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36879"
},
{
"name": "CVE-2022-2991",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2991"
},
{
"name": "CVE-2022-48424",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48424"
},
{
"name": "CVE-2021-3732",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3732"
},
{
"name": "CVE-2022-48423",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48423"
},
{
"name": "CVE-2023-0045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0045"
},
{
"name": "CVE-2022-1205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1205"
},
{
"name": "CVE-2022-20369",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20369"
},
{
"name": "CVE-2021-4149",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4149"
},
{
"name": "CVE-2022-0617",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0617"
},
{
"name": "CVE-2022-3061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3061"
},
{
"name": "CVE-2022-3521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3521"
},
{
"name": "CVE-2022-2503",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2503"
},
{
"name": "CVE-2022-1974",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1974"
},
{
"name": "CVE-2022-1516",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1516"
}
],
"initial_release_date": "2023-04-14T00:00:00",
"last_revision_date": "2023-04-14T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0315",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une\n\u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6009-1 du 11 avril 2023",
"url": "https://ubuntu.com/security/notices/USN-6009-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6004-1 du 11 avril 2023",
"url": "https://ubuntu.com/security/notices/USN-6004-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6014-1 du 12 avril 2023",
"url": "https://ubuntu.com/security/notices/USN-6014-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6013-1 du 12 avril 2023",
"url": "https://ubuntu.com/security/notices/USN-6013-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6007-1 du 11 avril 2023",
"url": "https://ubuntu.com/security/notices/USN-6007-1"
}
]
}
CERTFR-2022-AVI-542
Vulnerability from certfr_avis - Published: 2022-06-13 - Updated: 2022-06-13
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian stable (bullseye) versions ant\u00e9rieures \u00e0 5.10.120-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1975"
},
{
"name": "CVE-2022-21499",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21499"
},
{
"name": "CVE-2022-0854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0854"
},
{
"name": "CVE-2022-28893",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28893"
},
{
"name": "CVE-2022-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1972"
},
{
"name": "CVE-2022-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0494"
},
{
"name": "CVE-2022-1966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1966"
},
{
"name": "CVE-2022-1012",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1012"
},
{
"name": "CVE-2022-1786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1786"
},
{
"name": "CVE-2022-1789",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1789"
},
{
"name": "CVE-2022-1729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
},
{
"name": "CVE-2022-1852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1852"
},
{
"name": "CVE-2022-1974",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1974"
}
],
"initial_release_date": "2022-06-13T00:00:00",
"last_revision_date": "2022-06-13T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-542",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-06-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nDebian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Debian dsa-5161 du 11 juin 2022",
"url": "https://www.debian.org/security/2022/dsa-5161"
}
]
}
CERTFR-2022-AVI-957
Vulnerability from certfr_avis - Published: 2022-10-26 - Updated: 2022-10-26
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time 8 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.6 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 7.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS 7.6 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for NFV 8 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 7.6 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6 ppc64le |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat Enterprise Linux for Real Time 8 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.6 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 7.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - TUS 7.6 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for NFV 8 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 7.6 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-23825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23825"
},
{
"name": "CVE-2022-29900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29900"
},
{
"name": "CVE-2022-29901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29901"
},
{
"name": "CVE-2022-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0494"
},
{
"name": "CVE-2022-1353",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1353"
},
{
"name": "CVE-2022-2588",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2588"
},
{
"name": "CVE-2022-23816",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23816"
}
],
"initial_release_date": "2022-10-26T00:00:00",
"last_revision_date": "2022-10-26T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-957",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nRed Hat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2022:7171 du 25 octobre 2022",
"url": "https://access.redhat.com/errata/RHSA-2022:7171"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2022:7134 du 25 octobre 2022",
"url": "https://access.redhat.com/errata/RHSA-2022:7134"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2022:7146 du 25 octobre 2022",
"url": "https://access.redhat.com/errata/RHSA-2022:7146"
}
]
}
CERTFR-2022-AVI-773
Vulnerability from certfr_avis - Published: 2022-08-26 - Updated: 2022-08-26
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-1652",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1652"
},
{
"name": "CVE-2022-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1975"
},
{
"name": "CVE-2022-34918",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34918"
},
{
"name": "CVE-2022-1048",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1048"
},
{
"name": "CVE-2022-2586",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2586"
},
{
"name": "CVE-2022-28893",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28893"
},
{
"name": "CVE-2022-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0494"
},
{
"name": "CVE-2022-1734",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1734"
},
{
"name": "CVE-2022-1679",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1679"
},
{
"name": "CVE-2022-2588",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2588"
},
{
"name": "CVE-2022-1974",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1974"
}
],
"initial_release_date": "2022-08-26T00:00:00",
"last_revision_date": "2022-08-26T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-773",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5582-1 du 25 ao\u00fbt 2022",
"url": "https://ubuntu.com/security/notices/USN-5582-1"
}
]
}
CERTFR-2022-AVI-602
Vulnerability from certfr_avis - Published: 2022-07-04 - Updated: 2022-07-04
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian LTS. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian 9 \"Stretch\" versions ant\u00e9rieures \u00e0 4.9.320-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-30594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30594"
},
{
"name": "CVE-2022-28356",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28356"
},
{
"name": "CVE-2022-32296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32296"
},
{
"name": "CVE-2022-23037",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23037"
},
{
"name": "CVE-2022-23042",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23042"
},
{
"name": "CVE-2022-21166",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21166"
},
{
"name": "CVE-2022-23036",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23036"
},
{
"name": "CVE-2018-1108",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1108"
},
{
"name": "CVE-2022-1016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1016"
},
{
"name": "CVE-2022-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1975"
},
{
"name": "CVE-2022-23038",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23038"
},
{
"name": "CVE-2022-26966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26966"
},
{
"name": "CVE-2022-0854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0854"
},
{
"name": "CVE-2022-21125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21125"
},
{
"name": "CVE-2022-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0494"
},
{
"name": "CVE-2022-0812",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0812"
},
{
"name": "CVE-2022-32250",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32250"
},
{
"name": "CVE-2022-23039",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23039"
},
{
"name": "CVE-2022-27223",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27223"
},
{
"name": "CVE-2022-23040",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23040"
},
{
"name": "CVE-2021-39713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39713"
},
{
"name": "CVE-2022-1011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1011"
},
{
"name": "CVE-2022-21123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21123"
},
{
"name": "CVE-2022-1012",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1012"
},
{
"name": "CVE-2022-23041",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23041"
},
{
"name": "CVE-2022-24958",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24958"
},
{
"name": "CVE-2022-1734",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1734"
},
{
"name": "CVE-2022-26490",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26490"
},
{
"name": "CVE-2022-23960",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23960"
},
{
"name": "CVE-2022-1353",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1353"
},
{
"name": "CVE-2022-1729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
},
{
"name": "CVE-2021-4149",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4149"
},
{
"name": "CVE-2022-1199",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1199"
},
{
"name": "CVE-2022-28390",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28390"
},
{
"name": "CVE-2022-33981",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33981"
},
{
"name": "CVE-2022-1974",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1974"
},
{
"name": "CVE-2022-1516",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1516"
},
{
"name": "CVE-2022-1198",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1198"
},
{
"name": "CVE-2022-2153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2153"
}
],
"initial_release_date": "2022-07-04T00:00:00",
"last_revision_date": "2022-07-04T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-602",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nDebian LTS. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de\nservice et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian LTS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Debian LTS dla-3065 du 01 juillet 2022",
"url": "https://www.debian.org/lts/security/2022/dla-3065"
}
]
}
CERTFR-2022-AVI-740
Vulnerability from certfr_avis - Published: 2022-08-12 - Updated: 2022-08-12
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-1195",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1195"
},
{
"name": "CVE-2022-1652",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1652"
},
{
"name": "CVE-2022-29900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29900"
},
{
"name": "CVE-2022-29901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29901"
},
{
"name": "CVE-2022-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1975"
},
{
"name": "CVE-2022-34918",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34918"
},
{
"name": "CVE-2022-2585",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2585"
},
{
"name": "CVE-2022-1048",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1048"
},
{
"name": "CVE-2022-2586",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2586"
},
{
"name": "CVE-2022-28893",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28893"
},
{
"name": "CVE-2022-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0494"
},
{
"name": "CVE-2022-0500",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0500"
},
{
"name": "CVE-2022-1734",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1734"
},
{
"name": "CVE-2022-1679",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1679"
},
{
"name": "CVE-2022-1789",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1789"
},
{
"name": "CVE-2022-2588",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2588"
},
{
"name": "CVE-2022-1729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
},
{
"name": "CVE-2022-33981",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33981"
},
{
"name": "CVE-2022-1974",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1974"
}
],
"initial_release_date": "2022-08-12T00:00:00",
"last_revision_date": "2022-08-12T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-740",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux d\u0027Ubuntu USN-5560-1 du 10 ao\u00fbt 2022",
"url": "https://ubuntu.com/security/notices/USN-5560-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux d\u0027Ubuntu USN-5565-1 du 10 ao\u00fbt 2022",
"url": "https://ubuntu.com/security/notices/USN-5565-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux d\u0027Ubuntu USN-5562-1 du 10 ao\u00fbt 2022",
"url": "https://ubuntu.com/security/notices/USN-5562-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux d\u0027Ubuntu USN-5567-1 du 10 ao\u00fbt 2022",
"url": "https://ubuntu.com/security/notices/USN-5567-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux d\u0027Ubuntu USN-5566-1 du 10 ao\u00fbt 2022",
"url": "https://ubuntu.com/security/notices/USN-5566-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux d\u0027Ubuntu USN-5564-1 du 10 ao\u00fbt 2022",
"url": "https://ubuntu.com/security/notices/USN-5564-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux d\u0027Ubuntu USN-5560-2 du 10 ao\u00fbt 2022",
"url": "https://ubuntu.com/security/notices/USN-5560-2"
}
]
}
CERTFR-2023-AVI-0240
Vulnerability from certfr_avis - Published: 2023-03-17 - Updated: 2023-03-17
De multiples vulnérabilités ont été découvertes dans les produits IBM. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, une exécution de code arbitraire à distance, un déni de service à distance, un contournement de la politique de sécurité, une élévation de privilèges et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | Sterling Global Mailbox versions 6.0.3.x antérieures à 6.0.3.8 | ||
| IBM | Spectrum | Spectrum Copy Data Management versions 2.2.x antérieures à 2.2.19.0 | ||
| IBM | Spectrum | Spectrum Protect for Space Management versions 8.1.x antérieures à 8.1.17.2 | ||
| IBM | Sterling | Sterling B2B Integrator versions 6.1.x antérieures à 6.1.2.1 | ||
| IBM | Spectrum | Spectrum Protect Plus versions 10.1.x antérieures à 10.1.14 | ||
| IBM | Spectrum | Spectrum Protect Client versions 8.1.x antérieures à 8.1.17.2 | ||
| IBM | Sterling | Sterling Global Mailbox versions 6.1.2.x antérieures à 6.1.2.2 | ||
| IBM | Sterling | Sterling B2B Integrator versions 6.0.x antérieures à 6.0.3.8 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Global Mailbox versions 6.0.3.x ant\u00e9rieures \u00e0 6.0.3.8",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Spectrum Copy Data Management versions 2.2.x ant\u00e9rieures \u00e0 2.2.19.0",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Spectrum Protect for Space Management versions 8.1.x ant\u00e9rieures \u00e0 8.1.17.2",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions 6.1.x ant\u00e9rieures \u00e0 6.1.2.1",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Spectrum Protect Client versions 8.1.x ant\u00e9rieures \u00e0 8.1.17.2",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Global Mailbox versions 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.2",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.8",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-29581",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29581"
},
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2022-2964",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2964"
},
{
"name": "CVE-2022-4379",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4379"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2020-36557",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36557"
},
{
"name": "CVE-2022-2639",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2639"
},
{
"name": "CVE-2022-2601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2601"
},
{
"name": "CVE-2022-0168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0168"
},
{
"name": "CVE-2015-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7501"
},
{
"name": "CVE-2022-29244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29244"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"name": "CVE-2022-2078",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2078"
},
{
"name": "CVE-2022-1184",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1184"
},
{
"name": "CVE-2022-2586",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2586"
},
{
"name": "CVE-2022-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0494"
},
{
"name": "CVE-2021-3807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
},
{
"name": "CVE-2022-46363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"name": "CVE-2021-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3640"
},
{
"name": "CVE-2023-21835",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21835"
},
{
"name": "CVE-2022-36946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36946"
},
{
"name": "CVE-2022-24448",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24448"
},
{
"name": "CVE-2022-1055",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1055"
},
{
"name": "CVE-2022-1353",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1353"
},
{
"name": "CVE-2022-42436",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42436"
},
{
"name": "CVE-2022-28390",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28390"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2020-36558",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36558"
}
],
"initial_release_date": "2023-03-17T00:00:00",
"last_revision_date": "2023-03-17T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0240",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2023-03-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963960",
"url": "https://www.ibm.com/support/pages/node/6963960"
},
{
"published_at": "2023-03-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963958",
"url": "https://www.ibm.com/support/pages/node/6963958"
},
{
"published_at": "2023-03-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963962",
"url": "https://www.ibm.com/support/pages/node/6963962"
},
{
"published_at": "2023-03-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963936",
"url": "https://www.ibm.com/support/pages/node/6963936"
},
{
"published_at": "2023-03-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963956",
"url": "https://www.ibm.com/support/pages/node/6963956"
},
{
"published_at": "2023-03-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6960747",
"url": "https://www.ibm.com/support/pages/node/6960747"
},
{
"published_at": "2023-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6956237",
"url": "https://www.ibm.com/support/pages/node/6956237"
},
{
"published_at": "2023-03-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6960739",
"url": "https://www.ibm.com/support/pages/node/6960739"
},
{
"published_at": "2023-03-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963954",
"url": "https://www.ibm.com/support/pages/node/6963954"
}
]
}
CERTFR-2022-AVI-720
Vulnerability from certfr_avis - Published: 2022-08-10 - Updated: 2022-08-10
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS 8.2 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0 aarch64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.2 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.2 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 9 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time 9 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for ARM 64 9 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems 9 s390x | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0 ppc64le | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.2 ppc64le | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0 s390x | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 8.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian 9 ppc64le | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for x86_64 9 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 9 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat Enterprise Linux Server - TUS 8.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0 aarch64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.2 x86_64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.2 aarch64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 9 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time 9 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for ARM 64 9 aarch64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems 9 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0 ppc64le",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.2 ppc64le",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0 s390x",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 8.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian 9 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0 x86_64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 9 x86_64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 9 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0494"
},
{
"name": "CVE-2022-1055",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1055"
},
{
"name": "CVE-2022-1353",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1353"
}
],
"initial_release_date": "2022-08-10T00:00:00",
"last_revision_date": "2022-08-10T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-720",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nRed Hat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service, un contournement de la politique de s\u00e9curit\u00e9, une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux de Red Hat RHSA-2022:6002 du 09 ao\u00fbt 2022",
"url": "https://access.redhat.com/errata/RHSA-2022:6002"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux de Red Hat RHSA-2022:5998 du 09 ao\u00fbt 2022",
"url": "https://access.redhat.com/errata/RHSA-2022:5998"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux de Red Hat RHSA-2022:6003 du 09 ao\u00fbt 2022",
"url": "https://access.redhat.com/errata/RHSA-2022:6003"
}
]
}
CERTFR-2022-AVI-791
Vulnerability from certfr_avis - Published: 2022-09-02 - Updated: 2022-09-02
De multiples vulnérabilités ont été corrigées dans le noyau Linux de Red Hat. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 8.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS 8.4 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.4 ppc64le | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.4 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat Enterprise Linux Server - AUS 8.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - TUS 8.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.4 ppc64le",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.4 aarch64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4 x86_64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0494"
},
{
"name": "CVE-2022-1353",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1353"
}
],
"initial_release_date": "2022-09-02T00:00:00",
"last_revision_date": "2022-09-02T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat du 30 ao\u00fbt 2022",
"url": "https://access.redhat.com/errata/RHSA-2022:6243"
}
],
"reference": "CERTFR-2022-AVI-791",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-09-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de Red Hat\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nun d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2022:6243 du 30 ao\u00fbt 2022",
"url": null
}
]
}
CERTFR-2022-AVI-375
Vulnerability from certfr_avis - Published: 2022-04-21 - Updated: 2022-04-21
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 18.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 21.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-44879",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44879"
},
{
"name": "CVE-2022-28356",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28356"
},
{
"name": "CVE-2022-1016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1016"
},
{
"name": "CVE-2022-1015",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1015"
},
{
"name": "CVE-2022-26966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26966"
},
{
"name": "CVE-2022-0854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0854"
},
{
"name": "CVE-2022-1048",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1048"
},
{
"name": "CVE-2022-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0494"
},
{
"name": "CVE-2022-27223",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27223"
},
{
"name": "CVE-2022-1011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1011"
},
{
"name": "CVE-2022-26878",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26878"
},
{
"name": "CVE-2022-24958",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24958"
},
{
"name": "CVE-2021-43976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43976"
},
{
"name": "CVE-2022-26490",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26490"
},
{
"name": "CVE-2022-24448",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24448"
},
{
"name": "CVE-2022-0617",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0617"
},
{
"name": "CVE-2022-24959",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24959"
}
],
"initial_release_date": "2022-04-21T00:00:00",
"last_revision_date": "2022-04-21T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-375",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5381-1 du 20 avril 2022",
"url": "https://ubuntu.com/security/notices/USN-5381-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5383-1 du 20 avril 2022",
"url": "https://ubuntu.com/security/notices/USN-5383-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5384-1 du 20 avril 2022",
"url": "https://ubuntu.com/security/notices/USN-5384-1"
}
]
}
CERTFR-2022-AVI-783
Vulnerability from certfr_avis - Published: 2022-08-31 - Updated: 2022-08-31
De multiples vulnérabilités ont été corrigées dans le noyau Linux de Red Hat. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0494"
},
{
"name": "CVE-2022-1353",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1353"
}
],
"initial_release_date": "2022-08-31T00:00:00",
"last_revision_date": "2022-08-31T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat du 30 ao\u00fbt 2022",
"url": "https://access.redhat.com/errata/RHSA-2022:6248"
}
],
"reference": "CERTFR-2022-AVI-783",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-31T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de Red Hat\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2022:6248 du 30 ao\u00fbt 2022",
"url": null
}
]
}
GHSA-C6F2-MJ5C-WFQ2
Vulnerability from github – Published: 2022-03-26 00:00 – Updated: 2022-04-08 00:00
VLAI?
Details
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.
Severity ?
4.4 (Medium)
{
"affected": [],
"aliases": [
"CVE-2022-0494"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-25T19:15:00Z",
"severity": "MODERATE"
},
"details": "A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.",
"id": "GHSA-c6f2-mj5c-wfq2",
"modified": "2022-04-08T00:00:38Z",
"published": "2022-03-26T00:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0494"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039448"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/all/20220216084038.15635-1-tcs.kernel@gmail.com"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5161"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5173"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
cve-2022-0494
Vulnerability from osv_almalinux
Published
2022-10-25 00:00
Modified
2023-09-15 13:41
Summary
Important: kernel-rt security and bug fix update
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)
- kernel: information leak in scsi_ioctl() (CVE-2022-0494)
- Kernel: A kernel-info-leak issue in pfkey_register (CVE-2022-1353)
- hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)
- hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)
- hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- [almalinux8-rt] BUG: using __this_cpu_add() in preemptible [00000000] - caller is __mod_memcg_lruvec_state+0x69/0x1c0 (BZ#2122600)
- The latest AlmaLinux 8.6.z4 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2125396)
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.rt7.189.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.rt7.189.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-debug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.rt7.189.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-debug-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.rt7.189.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-debug-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.rt7.189.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-debug-kvm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.rt7.189.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-debug-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.rt7.189.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-debug-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.rt7.189.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.rt7.189.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-kvm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.rt7.189.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.rt7.189.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.rt7.189.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n* kernel: information leak in scsi_ioctl() (CVE-2022-0494)\n* Kernel: A kernel-info-leak issue in pfkey_register (CVE-2022-1353)\n* hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)\n* hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n* hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [almalinux8-rt] BUG: using __this_cpu_add() in preemptible [00000000] - caller is __mod_memcg_lruvec_state+0x69/0x1c0 (BZ#2122600)\n* The latest AlmaLinux 8.6.z4 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2125396)",
"id": "ALSA-2022:7134",
"modified": "2023-09-15T13:41:48Z",
"published": "2022-10-25T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:7134"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-0494"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-1353"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-23816"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-23825"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-2588"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-29900"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-29901"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2039448"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2066819"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2090226"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2103148"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2103153"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2114849"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-7134.html"
}
],
"related": [
"CVE-2022-2588",
"CVE-2022-0494",
"CVE-2022-1353",
"CVE-2022-23816",
"CVE-2022-29900",
"CVE-2022-23825",
"CVE-2022-29901"
],
"summary": "Important: kernel-rt security and bug fix update"
}
cve-2022-0494
Vulnerability from osv_almalinux
Published
2022-10-25 00:00
Modified
2022-10-27 09:56
Summary
Important: kernel security, bug fix, and enhancement update
Details
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
- A use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)
- Information leak in scsi_ioctl() (CVE-2022-0494)
- A kernel-info-leak issue in pfkey_register (CVE-2022-1353)
- RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)
- Branch Type Confusion (non-retbleed) (CVE-2022-23825)
- RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Add s390_iommu_aperture kernel parameter (BZ#2081324)
- Blackscreen and hangup after resume from hibernate or S3 with DFGX WX3200 (BZ#2091065)
- Update NVME subsystem with bug fixes and minor changes (BZ#2106017)
- Fix parsing of nw_proto for IPv6 fragments (BZ#2106703)
- "vmcore failed, _exitcode:139" error observed while capturing vmcore during fadump after memory remove. incomplete vmcore is captured. (BZ#2107488)
- 'disable_policy' is ignored for addresses configured on a down interface (BZ#2109971)
- Backport request for new cpufreq.default_governor kernel command line parameter (BZ#2109996)
- Panics in mpt3sas mpt3sas_halt_firmware() if mpt3sas_fwfault_debug=1 enabled when poweroff issued to server (BZ#2111140)
- IOMMU/DMA update for 8.7 (BZ#2111692)
- Update Broadcom Emulex lpfc driver for AlmaLinux8.7 with bug fixes (14.0.0.13) (BZ#2112103)
- Incorrect Socket(s) & "Core(s) per socket" reported by lscpu command. (BZ#2112820)
- Panic in ch_release() due to NULL ch->device pointer, backport upstream fix (BZ#2115965)
- pyverbs-tests fail over qede IW HCAs on "test_query_rc_qp" (tests.test_qp.QPTest) (BZ#2119122)
- qedi shutdown handler hangs upon reboot (BZ#2119847)
- cache link_info for ethtool (BZ#2120197)
- Important iavf bug fixes (BZ#2120225)
- Hibernate crash with Aquantia 2.5/5 Gb LAN card (BZ#2124966)
- While using PTimekeeper the qede driver produces excessive log messages (BZ#2125477)
- general protection fault handling rpc_xprt.timer (BZ#2126184)
- Not enough device MSI-X vectors (BZ#2126482)
- Atlantic driver panic on wakeup after hybernate (BZ#2127845)
- Memory leak in vxlan_xmit_one (BZ#2131255)
- Missing hybernate/resume fixes (BZ#2131936)
Enhancement(s):
- Update smartpqi driver to latest upstream Second Set of Patches (BZ#2112354)
- qed/qede/qedr - driver updates to latest upstream (BZ#2120611)
- Update qedi driver to latest upstream (BZ#2120612)
- Update qedf driver to latest upstream (BZ#2120613)
- Include the support for new NVIDIA Mobile GFX GA103 on ADL Gen Laptops (BZ#2127122)
- Need to enable hpilo to support new HPE RL300 Gen11 for ARM (aarch64) (BZ#2129923)
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bpftool"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-abi-stablelists"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-cross-headers"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-debug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-debug-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-debug-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-debug-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-debug-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-headers"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-tools-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-tools-libs-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "perf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-perf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-372.32.1.el8_6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n* Information leak in scsi_ioctl() (CVE-2022-0494)\n* A kernel-info-leak issue in pfkey_register (CVE-2022-1353)\n* RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)\n* Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n* RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Add s390_iommu_aperture kernel parameter (BZ#2081324)\n* Blackscreen and hangup after resume from hibernate or S3 with DFGX WX3200 (BZ#2091065)\n* Update NVME subsystem with bug fixes and minor changes (BZ#2106017)\n* Fix parsing of nw_proto for IPv6 fragments (BZ#2106703)\n* \"vmcore failed, _exitcode:139\" error observed while capturing vmcore during fadump after memory remove. incomplete vmcore is captured. (BZ#2107488)\n* \u0027disable_policy\u0027 is ignored for addresses configured on a down interface (BZ#2109971)\n* Backport request for new cpufreq.default_governor kernel command line parameter (BZ#2109996)\n* Panics in mpt3sas mpt3sas_halt_firmware() if mpt3sas_fwfault_debug=1 enabled when poweroff issued to server (BZ#2111140)\n* IOMMU/DMA update for 8.7 (BZ#2111692)\n* Update Broadcom Emulex lpfc driver for AlmaLinux8.7 with bug fixes (14.0.0.13) (BZ#2112103)\n* Incorrect Socket(s) \u0026 \"Core(s) per socket\" reported by lscpu command. (BZ#2112820)\n* Panic in ch_release() due to NULL ch-\u003edevice pointer, backport upstream fix (BZ#2115965)\n* pyverbs-tests fail over qede IW HCAs on \"test_query_rc_qp\" (tests.test_qp.QPTest) (BZ#2119122)\n* qedi shutdown handler hangs upon reboot (BZ#2119847)\n* cache link_info for ethtool (BZ#2120197)\n* Important iavf bug fixes (BZ#2120225)\n* Hibernate crash with Aquantia 2.5/5 Gb LAN card (BZ#2124966)\n* While using PTimekeeper the qede driver produces excessive log messages (BZ#2125477)\n* general protection fault handling rpc_xprt.timer (BZ#2126184)\n* Not enough device MSI-X vectors (BZ#2126482)\n* Atlantic driver panic on wakeup after hybernate (BZ#2127845)\n* Memory leak in vxlan_xmit_one (BZ#2131255)\n* Missing hybernate/resume fixes (BZ#2131936)\n\nEnhancement(s):\n\n* Update smartpqi driver to latest upstream Second Set of Patches (BZ#2112354)\n* qed/qede/qedr - driver updates to latest upstream (BZ#2120611)\n* Update qedi driver to latest upstream (BZ#2120612)\n* Update qedf driver to latest upstream (BZ#2120613)\n* Include the support for new NVIDIA Mobile GFX GA103 on ADL Gen Laptops (BZ#2127122)\n* Need to enable hpilo to support new HPE RL300 Gen11 for ARM (aarch64) (BZ#2129923)",
"id": "ALSA-2022:7110",
"modified": "2022-10-27T09:56:48Z",
"published": "2022-10-25T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:7110"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-0494"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-1353"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-23816"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-23825"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-2588"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-29900"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-29901"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2039448"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2066819"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2090226"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2103148"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2103153"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2114849"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-7110.html"
}
],
"related": [
"CVE-2022-2588",
"CVE-2022-0494",
"CVE-2022-1353",
"CVE-2022-23816",
"CVE-2022-29900",
"CVE-2022-23825",
"CVE-2022-29901"
],
"summary": "Important: kernel security, bug fix, and enhancement update"
}
cve-2022-0494
Vulnerability from osv_almalinux
Published
2022-08-09 00:00
Modified
2022-08-10 21:25
Summary
Moderate: kernel security, bug fix, and enhancement update
Details
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * information leak in scsi_ioctl() (CVE-2022-0494) * use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Power9 - LPAR fails to boot in shared processing mode and call traces are seen [Hash] (BZ#2092248) * Hard lockups are observed while running stress-ng and LPAR hangs (BZ#2092253) * FIPS module identification via name and version (BZ#2093384) * gfs2: File corruption with large writes when memory is tight (BZ#2097306) * i/o on initiator stuck when network is disrupted (4.18.0-372.9.1.el8.x86_64) (BZ#2098251) * AlmaLinux 9.1 doesn't support 3rd SATA (BZ#2099740) * Guest call trace when reboot after postcopy migration with high stress workload (BZ#2100903) * Oops or general protection fault with RIP decode_attr_security_label at decode_getfattr_attrs (BZ#2101854) * Oops as BUG: unable to handle page fault as free of uninitialized nfs4_label on nfs referral lookup (BZ#2101858) * lpar crash with Oops: Kernel access of bad area, sig: 11 [#1] when changing mtu of a bond interface (P10/ ibmvnic/ Haleakala) (BZ#2103085) * OS doesn't boot when vmd and interrupt remapping are enabled (BZ#2109974) Enhancement(s): * iommu/vt-d: Make DMAR_UNITS_SUPPORTED a config setting (BZ#2105326)
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "bpftool"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-abi-stablelists"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-cross-headers"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-debug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-debug-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-debug-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-debug-devel-matched"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-debug-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-debug-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-devel-matched"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-headers"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-tools-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-tools-libs-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-zfcpdump"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-zfcpdump-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-zfcpdump-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-zfcpdump-devel-matched"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-zfcpdump-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-zfcpdump-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "perf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "python3-perf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\nSecurity Fix(es):\n* information leak in scsi_ioctl() (CVE-2022-0494)\n* use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\nBug Fix(es):\n* Power9 - LPAR fails to boot in shared processing mode and call traces are seen [Hash] (BZ#2092248)\n* Hard lockups are observed while running stress-ng and LPAR hangs (BZ#2092253)\n* FIPS module identification via name and version (BZ#2093384)\n* gfs2: File corruption with large writes when memory is tight (BZ#2097306)\n* i/o on initiator stuck when network is disrupted (4.18.0-372.9.1.el8.x86_64) (BZ#2098251)\n* AlmaLinux 9.1 doesn\u0027t support 3rd SATA (BZ#2099740)\n* Guest call trace when reboot after postcopy migration with high stress workload (BZ#2100903)\n* Oops or general protection fault with RIP decode_attr_security_label at decode_getfattr_attrs (BZ#2101854)\n* Oops as BUG: unable to handle page fault as free of uninitialized nfs4_label on nfs referral lookup (BZ#2101858)\n* lpar crash with Oops: Kernel access of bad area, sig: 11 [#1] when changing mtu of a bond interface (P10/ ibmvnic/ Haleakala) (BZ#2103085)\n* OS doesn\u0027t boot when vmd and interrupt remapping are enabled (BZ#2109974)\nEnhancement(s):\n* iommu/vt-d: Make DMAR_UNITS_SUPPORTED a config setting (BZ#2105326)",
"id": "ALSA-2022:6003",
"modified": "2022-08-10T21:25:22Z",
"published": "2022-08-09T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:6003"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-0494"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-1055"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2039448"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2070220"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2022-6003.html"
}
],
"related": [
"CVE-2022-0494",
"CVE-2022-1055"
],
"summary": "Moderate: kernel security, bug fix, and enhancement update"
}
cve-2022-0494
Vulnerability from osv_almalinux
Published
2022-08-09 00:00
Modified
2022-08-10 17:13
Summary
Moderate: kernel-rt security and bug fix update
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * information leak in scsi_ioctl() (CVE-2022-0494) * use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * update RT source tree to the latest AlmaLinux-9.0.z2 Batch (BZ#2105450)
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-rt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.rt21.94.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-rt-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.rt21.94.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-rt-debug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.rt21.94.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-rt-debug-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.rt21.94.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-rt-debug-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.rt21.94.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-rt-debug-kvm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.rt21.94.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-rt-debug-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.rt21.94.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-rt-debug-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.rt21.94.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-rt-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.rt21.94.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-rt-kvm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.rt21.94.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-rt-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.rt21.94.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-rt-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-70.22.1.rt21.94.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\nSecurity Fix(es):\n* information leak in scsi_ioctl() (CVE-2022-0494)\n* use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\nBug Fix(es):\n* update RT source tree to the latest AlmaLinux-9.0.z2 Batch (BZ#2105450)",
"id": "ALSA-2022:6002",
"modified": "2022-08-10T17:13:29Z",
"published": "2022-08-09T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:6002"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-0494"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-1055"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2039448"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2070220"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2022-6002.html"
}
],
"related": [
"CVE-2022-0494",
"CVE-2022-1055"
],
"summary": "Moderate: kernel-rt security and bug fix update"
}
FKIE_CVE-2022-0494
Vulnerability from fkie_nvd - Published: 2022-03-25 19:15 - Updated: 2024-11-21 06:38
Severity ?
Summary
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2039448 | Issue Tracking | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://lore.kernel.org/all/20220216084038.15635-1-tcs.kernel%40gmail.com/ | ||
| secalert@redhat.com | https://www.debian.org/security/2022/dsa-5161 | Third Party Advisory | |
| secalert@redhat.com | https://www.debian.org/security/2022/dsa-5173 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2039448 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lore.kernel.org/all/20220216084038.15635-1-tcs.kernel%40gmail.com/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5161 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5173 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | 5.17 | |
| linux | linux_kernel | 5.17 | |
| linux | linux_kernel | 5.17 | |
| linux | linux_kernel | 5.17 | |
| linux | linux_kernel | 5.17 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A37A8EE9-3F14-4C7A-A882-DA8A6AD1897C",
"versionEndExcluding": "5.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:-:*:*:*:*:*:*",
"matchCriteriaId": "A59F7FD3-F505-48BD-8875-F07A33F42F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E6E34B23-78B4-4516-9BD8-61B33F4AC49A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C030FA3D-03F4-4FB9-9DBF-D08E5CAC51AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*",
"matchCriteriaId": "B2D2677C-5389-4AE9-869D-0F881E80D923",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality."
},
{
"lang": "es",
"value": "Se ha identificado un fallo de filtrado de informaci\u00f3n del kernel en la funci\u00f3n scsi_ioctl en el archivo drivers/scsi/scsi_ioctl.c en el kernel de Linux. este fallo permite a un atacante local con un privilegio de usuario especial (CAP_SYS_ADMIN o CAP_SYS_RAWIO) crear problemas de confidencialidad"
}
],
"id": "CVE-2022-0494",
"lastModified": "2024-11-21T06:38:46.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-25T19:15:10.160",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039448"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
},
{
"source": "secalert@redhat.com",
"url": "https://lore.kernel.org/all/20220216084038.15635-1-tcs.kernel%40gmail.com/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5161"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lore.kernel.org/all/20220216084038.15635-1-tcs.kernel%40gmail.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5173"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-0494
Vulnerability from fstec - Published: 11.01.2022
VLAI Severity ?
Title
Уязвимость функции scsi_ioctl ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию
Description
Уязвимость функции scsi_ioctl (drivers/scsi/scsi_ioctl.c) ядра операционной системы Linux связана с отсутствием защиты служебных данных. Эксплуатация уязвимости может позволить нарушителю раскрыть защищаемую информацию
Severity ?
Vendor
ООО «РусБИТех-Астра», Red Hat Inc., Novell Inc., Сообщество свободного программного обеспечения, АО "НППКТ"
Software Name
Astra Linux Special Edition (запись в едином реестре российских программ №369), Red Hat Enterprise Linux, Suse Linux Enterprise Server, Debian GNU/Linux, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), Linux
Software Version
1.6 «Смоленск» (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP3-LTSS (Suse Linux Enterprise Server), 12 SP3-BCL (Suse Linux Enterprise Server), 12 SP5 (Suse Linux Enterprise Server), 10 (Debian GNU/Linux), 12 SP3-ESPOS (Suse Linux Enterprise Server), 15-LTSS (Suse Linux Enterprise Server), 12 SP4-ESPOS (Suse Linux Enterprise Server), 12 SP4-LTSS (Suse Linux Enterprise Server), 15-ESPOS (Suse Linux Enterprise Server), 15 SP1-LTSS (Suse Linux Enterprise Server), 11 (Debian GNU/Linux), 15 SP2 LTSS (Suse Linux Enterprise Server), 1.7 (Astra Linux Special Edition), 15 SP3 (Suse Linux Enterprise Server), 15 SP4 (Suse Linux Enterprise Server), до 2.7 (ОСОН ОСнова Оnyx), от 4.0 до 4.9.316 включительно (Linux), от 4.10 до 4.14.281 включительно (Linux), от 4.15 до 4.19.245 включительно (Linux), от 4.20 до 5.4.192 включительно (Linux), от 5.5 до 5.10.114 включительно (Linux), от 5.11 до 5.15.26 включительно (Linux), от 5.16.0 до 5.16.12 включительно (Linux)
Possible Mitigations
Использование рекомендаций:
Для Linux:
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.317
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.282
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.246
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.193
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.115
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.27
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.12
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2022-0494
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2022-0494.html
Для Debian:
использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2022-0494
Для ОС Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17
Для ОСОН ОСнова Оnyx (версия 2.7):
Обновление программного обеспечения linux до версии 5.15.86-1.osnova211
Для ОС Astra Linux Special Edition 1.7:
- обновить пакет linux до 5.4.0-162.astra1+ci6 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-1023SE17
- обновить пакет linux-5.10 до 5.10.142-1.astra6+ci24 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-1023SE17
Для ОС Astra Linux 1.6 «Смоленск»:
- обновить пакет linux до 5.4.0-110.astra35+ci74 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
- обновить пакет linux-5.10 до 5.10.0-1057.astra6+ci79 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
Reference
https://access.redhat.com/security/cve/CVE-2022-0494
https://www.suse.com/security/cve/CVE-2022-0494.html
https://security-tracker.debian.org/tracker/CVE-2022-0494
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.317
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.282
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.246
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.193
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.115
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.27
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.12
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.7/
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-1023SE17
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
CWE
CWE-200, CWE-908
{
"CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
"CVSS 3.0": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Red Hat Inc., Novell Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP3-LTSS (Suse Linux Enterprise Server), 12 SP3-BCL (Suse Linux Enterprise Server), 12 SP5 (Suse Linux Enterprise Server), 10 (Debian GNU/Linux), 12 SP3-ESPOS (Suse Linux Enterprise Server), 15-LTSS (Suse Linux Enterprise Server), 12 SP4-ESPOS (Suse Linux Enterprise Server), 12 SP4-LTSS (Suse Linux Enterprise Server), 15-ESPOS (Suse Linux Enterprise Server), 15 SP1-LTSS (Suse Linux Enterprise Server), 11 (Debian GNU/Linux), 15 SP2 LTSS (Suse Linux Enterprise Server), 1.7 (Astra Linux Special Edition), 15 SP3 (Suse Linux Enterprise Server), 15 SP4 (Suse Linux Enterprise Server), \u0434\u043e 2.7 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u043e\u0442 4.0 \u0434\u043e 4.9.316 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.10 \u0434\u043e 4.14.281 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.15 \u0434\u043e 4.19.245 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.20 \u0434\u043e 5.4.192 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.5 \u0434\u043e 5.10.114 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.11 \u0434\u043e 5.15.26 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.16.0 \u0434\u043e 5.16.12 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.317\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.282\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.246\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.193\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.115\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.27\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.12\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2022-0494\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2022-0494.html\n\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2022-0494\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0432\u0435\u0440\u0441\u0438\u044f 2.7):\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f linux \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 5.15.86-1.osnova211\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 1.7:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux \u0434\u043e 5.4.0-162.astra1+ci6 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-1023SE17\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-5.10 \u0434\u043e 5.10.142-1.astra6+ci24 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-1023SE17\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux \u0434\u043e 5.4.0-110.astra35+ci74 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-5.10 \u0434\u043e 5.10.0-1057.astra6+ci79 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.01.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.06.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-03400",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-0494",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Enterprise Linux, Suse Linux Enterprise Server, Debian GNU/Linux, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), Linux",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. Suse Linux Enterprise Server 12 SP2-BCL , Novell Inc. Suse Linux Enterprise Server 12 SP3-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP3-BCL , Novell Inc. Suse Linux Enterprise Server 12 SP5 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Novell Inc. Suse Linux Enterprise Server 12 SP3-ESPOS , Novell Inc. Suse Linux Enterprise Server 15-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP4-ESPOS , Novell Inc. Suse Linux Enterprise Server 12 SP4-LTSS , Novell Inc. Suse Linux Enterprise Server 15-ESPOS , Novell Inc. Suse Linux Enterprise Server 15 SP1-LTSS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , Novell Inc. Suse Linux Enterprise Server 15 SP2 LTSS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. Suse Linux Enterprise Server 15 SP3 , Novell Inc. Suse Linux Enterprise Server 15 SP4 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.0 \u0434\u043e 4.9.316 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.10 \u0434\u043e 4.14.281 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.15 \u0434\u043e 4.19.245 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.20 \u0434\u043e 5.4.192 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.5 \u0434\u043e 5.10.114 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.11 \u0434\u043e 5.15.26 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.16.0 \u0434\u043e 5.16.12 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 scsi_ioctl \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200), \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043d\u0435\u0438\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (CWE-908)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 scsi_ioctl (drivers/scsi/scsi_ioctl.c) \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/security/cve/CVE-2022-0494\nhttps://www.suse.com/security/cve/CVE-2022-0494.html\nhttps://security-tracker.debian.org/tracker/CVE-2022-0494\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.317\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.282\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.246\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.193\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.115\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.27\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.12\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.7/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-1023SE17\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200, CWE-908",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,4)"
}
GSD-2022-0494
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-0494",
"description": "A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.",
"id": "GSD-2022-0494",
"references": [
"https://www.suse.com/security/cve/CVE-2022-0494.html",
"https://ubuntu.com/security/CVE-2022-0494",
"https://www.debian.org/security/2022/dsa-5161",
"https://www.debian.org/security/2022/dsa-5173",
"https://alas.aws.amazon.com/cve/html/CVE-2022-0494.html",
"https://access.redhat.com/errata/RHSA-2022:6002",
"https://access.redhat.com/errata/RHSA-2022:6003",
"https://access.redhat.com/errata/RHSA-2022:6243",
"https://access.redhat.com/errata/RHSA-2022:6248",
"https://access.redhat.com/errata/RHSA-2022:7110",
"https://access.redhat.com/errata/RHSA-2022:7134"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-0494"
],
"details": "A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.",
"id": "GSD-2022-0494",
"modified": "2023-12-13T01:19:11.239283Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-0494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel 5.17 rc5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2039448",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039448"
},
{
"name": "https://lore.kernel.org/all/20220216084038.15635-1-tcs.kernel@gmail.com/",
"refsource": "MISC",
"url": "https://lore.kernel.org/all/20220216084038.15635-1-tcs.kernel@gmail.com/"
},
{
"name": "DSA-5161",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5161"
},
{
"name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
},
{
"name": "DSA-5173",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5173"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.17",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.17:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-0494"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2039448",
"refsource": "MISC",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039448"
},
{
"name": "https://lore.kernel.org/all/20220216084038.15635-1-tcs.kernel@gmail.com/",
"refsource": "MISC",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "https://lore.kernel.org/all/20220216084038.15635-1-tcs.kernel@gmail.com/"
},
{
"name": "DSA-5161",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5161"
},
{
"name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
},
{
"name": "DSA-5173",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5173"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-07-21T17:07Z",
"publishedDate": "2022-03-25T19:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…