SB2022051043 - Slackware Linux update for Slackware 15.0 kernel
Published: May 10, 2022 Updated: January 7, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 37 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2022-0001)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to non-transparent sharing of branch predictor selectors between contexts. A local user can gain unauthorized access to sensitive information on the system.
2) Information disclosure (CVE-ID: CVE-2022-0002)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to non-transparent sharing of branch predictor within a context. A local user can gain unauthorized access to sensitive information on the system.
3) NULL pointer dereference (CVE-ID: CVE-2022-0168)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS). A privileged (CAP_SYS_ADMIN) attacker can perform a denial of service (DoS) attack.
4) Information disclosure (CVE-ID: CVE-2022-0494)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in the scsi_ioctl() function in drivers/scsi/scsi_ioctl.c in the Linux kernel. A local user with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) can gain unauthorized access to sensitive information on the system.
5) Out-of-bounds write (CVE-ID: CVE-2022-0500)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in unrestricted eBPF usage by the BPF_BTF_LOAD in Linux kernel. A local user can trigger an out-of-bounds write error in BPF subsystem and execute arbitrary code with elevated privileges.
6) Memory leak (CVE-ID: CVE-2022-0742)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak within igmp6_event_query() and igmp6_event_report() functions in Linux kernel when handling ICMPv6 packets. A remote attacker can flood the system with ICMPv6 messages of type 130 and 131 to cause out-of-memory condition and perform a denial of service (DoS) attack.
7) Memory leak (CVE-ID: CVE-2022-0854)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due memory leak in the Linux kernel’s DMA subsystem when processing DMA_FROM_DEVICE calls. A local user can trigger a memory leak error and read random memory from the kernel space.
8) Out-of-bounds write (CVE-ID: CVE-2022-0995)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Linux kernel’s watch_queue event notification subsystem. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
9) Use-after-free (CVE-ID: CVE-2022-1011)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the write() function of FUSE filesystem. A local user can retireve (partial) /etc/shadow hashes and execute arbitrary code with elevated privileges.
10) Out-of-bounds write (CVE-ID: CVE-2022-1015)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the nft_validate_register_store and nft_validate_register_load in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. A local user can escalate privileges on the system.
11) Use-after-free (CVE-ID: CVE-2022-1016)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a use-after-free error in net/netfilter/nf_tables_core.c:nft_do_chain in Linux kernel.. A local user can trigger a use-after-free error and gain access to sensitive information.
12) Use-after-free (CVE-ID: CVE-2022-1048)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to a use-after-free error in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. A local user can execute arbitrary code with elevated privileges and perform a denial-of-service attack.
13) Out-of-bounds write (CVE-ID: CVE-2022-1158)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due the KVM implementation in Linux kernel does not properly perform guest page table updates in some situations. A remote user on the guest operating system can trigger memory corruption and perform a denial of service attack against the host OS.
14) Use-after-free (CVE-ID: CVE-2022-1198)
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the drivers/net/hamradio/6pack.c. A local user can perform a denial of service (DoS) attack by simulating Amateur Radio.
15) NULL pointer dereference (CVE-ID: CVE-2022-1199)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a Null pointer dereference and use after free errors in the ax25_release() function. A local user can simulate Amateur Radio and perform a denial of service (DoS) attack.
16) Use-after-free (CVE-ID: CVE-2022-1204)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Linux kernel’s Amateur Radio AX.25 protocol functionality when user connects with the protocol. A local user can trigger use-after-free error to perform a denial of service attack or escalate privileges on the system.
17) NULL pointer dereference (CVE-ID: CVE-2022-1205)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a null pointer dereference and use after free errors in the net/ax25/ax25_timer.c. A local user can simulate Amateur Radio and perform a denial of service (DoS) attack.
18) NULL pointer dereference (CVE-ID: CVE-2022-1263)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to kvm implementation in the Linux kernel does not handle releasing a virtual cpu properly. A local user can pass specially crafted data and perform a denial of service (DoS) attack.
19) Information disclosure (CVE-ID: CVE-2022-1353)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the pfkey_register function in net/key/af_key.c in the Linux kernel. A local user can gain unauthorized access to kernel memory, leading to a system crash or a leak of internal kernel information.
20) NULL pointer dereference (CVE-ID: CVE-2022-1516)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference error in the Linux kernel’s X.25 set of standardized network protocols functionality. A local user can terminate session using a simulated Ethernet card and perform a denial of service (DoS) attack.
21) Race condition (CVE-ID: CVE-2022-23036)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a race condition in the blkfront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.
22) Race condition (CVE-ID: CVE-2022-23037)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a race condition in the netfront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.
23) Race condition (CVE-ID: CVE-2022-23038)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a race condition in the scsifront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.
24) Race condition (CVE-ID: CVE-2022-23039)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a race condition in the gntalloc ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.
25) Race condition (CVE-ID: CVE-2022-23040)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a race condition in the xenbus ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.
26) Race condition (CVE-ID: CVE-2022-23041)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a race condition in blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls ring buffers. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.
27) Reachable Assertion (CVE-ID: CVE-2022-23042)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to reachable assertion in the netfront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.
28) Security restrictions bypass (CVE-ID: CVE-2022-23222)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to availability of pointer arithmetic via certain *_OR_NULL pointer types in kernel/bpf/verifier.c in the Linux kernel. A local user can run a specially crafted program to execute arbitrary code with root privileges.
29) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2022-23960)
The vulnerability allows a local user to obtain potentially sensitive information.
The vulnerability exists due to improper restrictions of cache speculation. A local user can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches and gain access to sensitive information.
The vulnerability was dubbed Spectre-BHB.
30) Release of invalid pointer or reference (CVE-ID: CVE-2022-24958)
The vulnerability allows remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to release of illegal memory vulnerability in the drivers/usb/gadget/legacy/inode.c. A remote attacker can send specially crafted data and perform a denial of service (DoS) attack.
31) Buffer overflow (CVE-ID: CVE-2022-26490)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the st21nfca_connectivity_event_received() function in drivers/nfc/st21nfca/se.c in Linux kernel. A local user can run a specially crafted program to trigger buffer overflow and execute arbitrary code with elevated privileges.
32) Heap-based buffer overflow (CVE-ID: CVE-2022-27666)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c in Linux kernel. A local unprivileged user can pass specially crafted data to the system, trigger a heap-based buffer overflow and execute arbitrary code with elevated privileges.
33) Memory leak (CVE-ID: CVE-2022-28356)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in net/llc/af_llc.c component. A remote attacker can force the system to leak memory and perform denial of service attack.
34) Double Free (CVE-ID: CVE-2022-28388)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to boundary error in the usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c. A local user can pass specially crafted data to the application, trigger double free error and execute arbitrary code with elevated privileges.
35) Double Free (CVE-ID: CVE-2022-28389)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to boundary error in mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c. A local user can pass specially crafted data to the application, trigger double free error and execute arbitrary code with elevated privileges.
36) Double Free (CVE-ID: CVE-2022-28390)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to boundary error in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c. A local user can pass specially crafted data to the application, trigger double free error and execute arbitrary code with elevated privileges.
37) Use-after-free (CVE-ID: CVE-2022-29582)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the io_uring timeouts() function in the Linux kernel. A local user can trigger a race condition between timeout flush and removal to cause a denial of service or escalate privileges on the system.
Remediation
Install update from vendor's website.