SB2023020353 - Anolis OS update for kernel(RHCK)3.10
Published: February 3, 2023 Updated: March 28, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2021-26401)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application within LFENCE/JMP. A local user can gain unauthorized access to sensitive information on the system.
2) Information disclosure (CVE-ID: CVE-2017-5715)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.
3) Out-of-bounds write (CVE-ID: CVE-2022-2964)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Remediation
Install update from vendor's website.