SB20240806124 - Amazon Linux AMI update for kernel
Published: August 6, 2024 Updated: December 13, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 114 secuirty vulnerabilities.
1) Exposure of Resource to Wrong Sphere (CVE-ID: CVE-2021-26341)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to some AMD CPUs may transiently execute beyond unconditional direct branches. A local user can gain unauthorized access to sensitive information on the system.
2) Information disclosure (CVE-ID: CVE-2021-26401)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application within LFENCE/JMP. A local user can gain unauthorized access to sensitive information on the system.
3) Information disclosure (CVE-ID: CVE-2022-0001)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to non-transparent sharing of branch predictor selectors between contexts. A local user can gain unauthorized access to sensitive information on the system.
4) Information disclosure (CVE-ID: CVE-2022-0002)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to non-transparent sharing of branch predictor within a context. A local user can gain unauthorized access to sensitive information on the system.
5) Incomplete cleanup (CVE-ID: CVE-2022-0171)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incomplete cleanup in KVM SEV API. A local non-root (host) user-level application can crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).
6) Integer overflow (CVE-ID: CVE-2022-0185)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow in the legacy_parse_param() function in fs/fs_context.c in Linux kernel. A local user can tun a specially crafted program to trigger integer overflow and execute arbitrary code with root privileges.
7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-0492)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a logic error within the cgroup_release_agent_write() function in kernel/cgroup/cgroup-v1.c. A local user can use the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation.
8) Information disclosure (CVE-ID: CVE-2022-0494)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in the scsi_ioctl() function in drivers/scsi/scsi_ioctl.c in the Linux kernel. A local user with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) can gain unauthorized access to sensitive information on the system.
9) Out-of-bounds write (CVE-ID: CVE-2022-0500)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in unrestricted eBPF usage by the BPF_BTF_LOAD in Linux kernel. A local user can trigger an out-of-bounds write error in BPF subsystem and execute arbitrary code with elevated privileges.
10) Memory leak (CVE-ID: CVE-2022-0742)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak within igmp6_event_query() and igmp6_event_report() functions in Linux kernel when handling ICMPv6 packets. A remote attacker can flood the system with ICMPv6 messages of type 130 and 131 to cause out-of-memory condition and perform a denial of service (DoS) attack.
11) Use of uninitialized resource (CVE-ID: CVE-2022-0847)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an uninitialized resources. A local user can overwrite arbitrary file in the page cache, even if the file is read-only, and execute arbitrary code on the system with elevated privileges.
The vulnerability was dubbed Dirty Pipe.
12) Memory leak (CVE-ID: CVE-2022-0854)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due memory leak in the Linux kernel’s DMA subsystem when processing DMA_FROM_DEVICE calls. A local user can trigger a memory leak error and read random memory from the kernel space.
13) Out-of-bounds write (CVE-ID: CVE-2022-1015)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the nft_validate_register_store and nft_validate_register_load in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. A local user can escalate privileges on the system.
14) Use-after-free (CVE-ID: CVE-2022-1016)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a use-after-free error in net/netfilter/nf_tables_core.c:nft_do_chain in Linux kernel.. A local user can trigger a use-after-free error and gain access to sensitive information.
15) Use-after-free (CVE-ID: CVE-2022-1055)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tc_new_tfilter in Linux kernel. A local user can run a specially crafted program to trigger a use-after-free error and execute arbitrary code with elevated privileges.
16) Out-of-bounds write (CVE-ID: CVE-2022-1158)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due the KVM implementation in Linux kernel does not properly perform guest page table updates in some situations. A remote user on the guest operating system can trigger memory corruption and perform a denial of service attack against the host OS.
17) Use-after-free (CVE-ID: CVE-2022-1184)
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in fs/ext4/namei.c:dx_insert_block() function in the Linux kernel’s filesystem sub-component.. A local user can trigger use-after-free and perform a denial of service attack.
18) NULL pointer dereference (CVE-ID: CVE-2022-1199)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a Null pointer dereference and use after free errors in the ax25_release() function. A local user can simulate Amateur Radio and perform a denial of service (DoS) attack.
19) NULL pointer dereference (CVE-ID: CVE-2022-1263)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to kvm implementation in the Linux kernel does not handle releasing a virtual cpu properly. A local user can pass specially crafted data and perform a denial of service (DoS) attack.
20) Information disclosure (CVE-ID: CVE-2022-1353)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the pfkey_register function in net/key/af_key.c in the Linux kernel. A local user can gain unauthorized access to kernel memory, leading to a system crash or a leak of internal kernel information.
21) Out-of-bounds read (CVE-ID: CVE-2022-1462)
The vulnerability allows a local user to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the the Linux kernel’s TeleTYpe subsystem caused by a race condition when using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory file. A local user can trigger an out-of-bounds read error and crash the system or read random kernel memory.
22) Use-after-free (CVE-ID: CVE-2022-1679)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath9k_htc_wait_for_target() function in the Linux kernel’s Atheros wireless adapter driver. A local user can execute arbitrary code with elevated privileges.
23) Race condition (CVE-ID: CVE-2022-1729)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within sys_perf_event_open() in Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
24) NULL pointer dereference (CVE-ID: CVE-2022-1789)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference in kvm_mmu_invpcid_gva. A local attacker can trigger vulnerability to perform a denial of service (DoS) attack.
25) NULL pointer dereference (CVE-ID: CVE-2022-1852)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel’s KVM module. A local user can perform a denial of service (DoS) attack in the x86_emulate_insn in arch/x86/kvm/emulate.c.
26) Use-after-free (CVE-ID: CVE-2022-1966)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. A local user can trigger use-after-free error to escalate privileges on the system.
27) Out-of-bounds write (CVE-ID: CVE-2022-1972)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in the Linux kernel's netfilter subsystem. A local user can trigger out-of-bounds write to escalate privileges on the system.
28) Use-after-free (CVE-ID: CVE-2022-1973)
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error within the NTFS file system implementation in the Linux
kernel. A local user can trigger a use-after-free error and crash the system or gain access to sensitive information.
29) Buffer overflow (CVE-ID: CVE-2022-2078)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the nft_set_desc_concat_parse() function in Linux kernel. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
30) Information disclosure (CVE-ID: CVE-2022-21123)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.
31) Information disclosure (CVE-ID: CVE-2022-21125)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.
32) Information disclosure (CVE-ID: CVE-2022-21166)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.
33) Security features bypass (CVE-ID: CVE-2022-21505)
The vulnerability allows an attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect implementation of the IMA lockdown feature. If IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine with Secure Boot. An attacker with physical access to device can bypass Secure Boot mechanism.
34) Security restrictions bypass (CVE-ID: CVE-2022-23222)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to availability of pointer arithmetic via certain *_OR_NULL pointer types in kernel/bpf/verifier.c in the Linux kernel. A local user can run a specially crafted program to execute arbitrary code with root privileges.
35) Type Confusion (CVE-ID: CVE-2022-23816)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a branch type confusion. A local user can force the branch predictor to predict the wrong branch type and gain access to sensitive information.
36) Type Confusion (CVE-ID: CVE-2022-23825)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a branch type confusion. A local user can force the branch predictor to predict the wrong branch type and gain access to sensitive information.
37) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2022-23960)
The vulnerability allows a local user to obtain potentially sensitive information.
The vulnerability exists due to improper restrictions of cache speculation. A local user can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches and gain access to sensitive information.
The vulnerability was dubbed Spectre-BHB.
38) Release of invalid pointer or reference (CVE-ID: CVE-2022-24958)
The vulnerability allows remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to release of illegal memory vulnerability in the drivers/usb/gadget/legacy/inode.c. A remote attacker can send specially crafted data and perform a denial of service (DoS) attack.
39) Heap-based buffer overflow (CVE-ID: CVE-2022-25636)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in net/netfilter/nf_dup_netdev.c in the Linux kernel, related to nf_tables_offload. A local user can trigger a heap-based buffer overflow and execute arbitrary code with elevated privileges.
40) Resource management error (CVE-ID: CVE-2022-2585)
The vulnerability allows a local user to perform a denial of service (DoS) attack or escalate privileges on the system.
The vulnerability exists due to improper management of internal resources in POSIX CPU timers when handling death of a process. A local user can crash the kernel or execute arbitrary code.
41) Use-after-free (CVE-ID: CVE-2022-2586)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the the netfilter subsystem implementation in Linux kernel when preventing one nft object from referencing an nft set in another nft table. A local user can trigger a use-after-free error and execute arbitrary code on the system with elevated privileges.
42) Double Free (CVE-ID: CVE-2022-2588)
The vulnerability allows a local user to escalate privileges on the system.
The
vulnerability exists due to a double free error within the network packet scheduler implementation
in the route4_change() function in Linux kernel when removing all references to a route filter
before freeing it. A local user can run a specially crafted program to
crash the kernel or execute arbitrary code.
43) Use-after-free (CVE-ID: CVE-2022-2602)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error caused by an io_uring request, which is being processed on a registered file. The Unix GC runs and frees the io_uring file descriptor and all the registered file descriptors in a specific order that may allow a local user to win a race and execute arbitrary code with elevated privileges.
44) Information disclosure (CVE-ID: CVE-2022-26365)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend. A local user can gain unauthorized access to sensitive information on the system.
45) Security restrictions bypass (CVE-ID: CVE-2022-26373)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to non-transparent sharing of return predictor targets between contexts in Intel CPU processors. A local user can bypass the expected architecture isolation between contexts and gain access to sensitive information on the system.
46) Input validation error (CVE-ID: CVE-2022-2663)
The vulnerability allows a remote attacker to bypass firewall rules.
The vulnerability exists due to insufficient validation of user-supplied input in nf_conntrack_irc in Linux kernel. A remote attacker can send unencrypted IRC with nf_conntrack_irc configured and bypass configured firewall rules.
47) Improper Validation of Array Index (CVE-ID: CVE-2022-27223)
The vulnerability allows a remote attacker to execute arbitrary code with elevated privileges.The vulnerability exists due to improper validation of array index in drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel. A remote attacker can send specially crafted data to the system and execute arbitrary code with elevated privileges.
48) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2022-28693)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to unprotected alternative channel of return branch target prediction. A local user can gain access to sensitive information.
49) Use-after-free (CVE-ID: CVE-2022-28893)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the SUNRPC subsystem in the Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
50) Out-of-bounds read (CVE-ID: CVE-2022-2905)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the Linux kernel BPF subsystem. A local user can call the bpf_tail_call() function with a key larger than the max_entries of the map, trigger an out-of-bounds read and read parts of kernel memory.
51) Double Free (CVE-ID: CVE-2022-29156)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel. A remote attacker can pass specially crafted data to the application, trigger double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
52) Improper update of reference count (CVE-ID: CVE-2022-29581)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper update of reference count in net/sched in Linux kernel. A local user can execute arbitrary code with root privileges.
53) Use-after-free (CVE-ID: CVE-2022-29582)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the io_uring timeouts() function in the Linux kernel. A local user can trigger a race condition between timeout flush and removal to cause a denial of service or escalate privileges on the system.
54) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2022-29900)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a mistrained branch predictions for return instructions. A local user can execute arbitrary speculative code under certain microarchitecture-dependent conditions. The vulnerability was dubbed RETbleed.
55) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2022-29901)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to the way non-transparent sharing of branch predictor targets between contexts. A local user can exploit the vulnerability to gain access to sensitive information.
56) Race condition (CVE-ID: CVE-2022-3028)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. A local user can exploit the race and escalate privileges on the system.
57) Incorrect default permissions (CVE-ID: CVE-2022-30594)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to mishandling seccomp permissions. A local user can bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag and escalate privileges on the system.
58) Division by zero (CVE-ID: CVE-2022-3061)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to missing checks of the "pixclock" value in the Linux kernel i740 driver. A local user can pass arbitrary values to the driver through ioctl() interface, trigger a divide by zero error and perform a denial of service (DoS) attack.
59) Use-after-free (CVE-ID: CVE-2022-3176)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in io_uring implementation in the Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
60) Use-after-free (CVE-ID: CVE-2022-32250)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free incorrect NFT_STATEFUL_EXPR in net/netfilter/nf_tables_api.c in Linux kernel. A local user with ability to create user/net namespaces can execute arbitrary code with root privileges.
61) Buffer overflow (CVE-ID: CVE-2022-32981)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in ptrace PEEKUSER and POKEUSER when accessing floating point registers on powerpc 32-bit platforms. A local user can trigger buffer overflow and execute arbitrary code with elevated privileges.
62) NULL pointer dereference (CVE-ID: CVE-2022-3303)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel sound subsystem due to improper locking when handling the SNDCTL_DSP_SYNC ioctl. A privileged local user can trigger a NULL pointer dereference error and perform a denial of service (DoS) attack.
63) Information disclosure (CVE-ID: CVE-2022-33740)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend. A local user can gain unauthorized access to sensitive information on the system.
64) Information disclosure (CVE-ID: CVE-2022-33741)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend. A local user can gain unauthorized access to sensitive information on the system.
65) Information disclosure (CVE-ID: CVE-2022-33742)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend. A local user can gain unauthorized access to sensitive information on the system.
66) Resource management error (CVE-ID: CVE-2022-33743)
The vulnerability allows a malicious network backend to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in eXpress Data Path support implementation in Xen, allowing Linux netfront to use freed SKBs. A malicious network backend can cause denial of service on the guest OS.
67) Out-of-bounds read (CVE-ID: CVE-2022-3435)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the fib_nh_match() function in net/ipv4/fib_semantics.c IPv4 handler. A remote attacker can send specially crafted data to the system, trigger an out-of-bounds read error and read contents of memory on the system.
68) Double Free (CVE-ID: CVE-2022-34494)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the rpmsg_virtio_add_ctrl_dev() function in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel remote processor messaging (rpmsg) framework. A local user can run a specially crafted program to trigger a double free error and perform a denial of service (DoS) attack.
69) Double Free (CVE-ID: CVE-2022-34495)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the rpmsg_probe() function in drivers/rpmsg/virtio_rpmsg_bus.c in Linux kernel. A local user can trigger a double free error in the virtio RPMSG bus driver and crash the system.
70) Type Confusion (CVE-ID: CVE-2022-34918)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists in the Linux kernel’s Netfilter subsystem in the way a user provides incorrect input of the NFT_DATA_VERDICT type. A local user can pass specially crafted data to the application, trigger a type confusion error and escalate privileges on the system.
71) Race condition (CVE-ID: CVE-2022-3522)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a race condition within the hugetlb_no_page() function in the mm/hugetlb.c. A local user can exploit the race and gain access to sensitive information.
72) Use-after-free (CVE-ID: CVE-2022-3523)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error when in mm/memory.c in Linux kernel. A local user can trigger a use-after-free error and perform a denial of service (DoS) attack.
73) Memory leak (CVE-ID: CVE-2022-3524)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak within the ipv6_renew_options() function when retrieving a new IPv6 address from a malicious DHCP server. A remote attacker can force the system to leak memory and perform denial of service attack.
74) Use-after-free (CVE-ID: CVE-2022-3534)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btf_dump_name_dups() function in tools/lib/bpf/btf_dump.c. A local user can execute arbitrary code with elevated privileges.
75) Memory leak (CVE-ID: CVE-2022-3543)
The vulnerability allows a local user to perform a DoS attack.
The vulnerability exists due memory leak within the unix_sock_destructor/unix_release_sock() function in net/unix/af_unix.c. A local user can force the system to leak memory and perform denial of service attack.
76) Race condition (CVE-ID: CVE-2022-3566)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the tcp_getsockopt() and tcp_setsockopt() functions in net/ipv4/tcp.c, do_ipv6_setsockopt() function in net/ipv6/ipv6_sockglue.c, and tcp_v6_connect() function in net/ipv6/tcp_ipv6.c in Linux kernel. A local user can exploit the race and escalate privileges on the system.
77) Race condition (CVE-ID: CVE-2022-3567)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the inet6_stream_ops() and inet6_dgram_ops() functions. A local user can exploit the race and escalate privileges on the system.
78) NULL pointer dereference (CVE-ID: CVE-2022-3606)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the find_prog_by_sec_insn() function in tools/lib/bpf/libbpf.c of the BPF component. A local user can perform a denial of service (DoS) attack.
79) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-36123)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to Linux kernel lacks a certain clear operation for the block starting symbol (.bss). A local user on the Xen PV guest OS can perform a denial of service attack or escalate privileges on the guest OS.
80) Race condition (CVE-ID: CVE-2022-3623)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the follow_page_pte() function in mm/gup.c. A local user can exploit the race and escalate privileges on the system.
81) Input validation error (CVE-ID: CVE-2022-3643)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of network packets. An attacker with access to the guest OS can trigger the related physical NIC on the host to reset, abort, or crash by sending certain kinds of packets.
82) Resource management error (CVE-ID: CVE-2022-36879)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the xfrm_expand_policies() function in net/xfrm/xfrm_policy.c. A local user can cause the refcount to be dropped twice and perform a denial of service (DoS) attack.
83) Input validation error (CVE-ID: CVE-2022-36946)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the nfqnl_mangle() function in net/netfilter/nfnetlink_queue.c in the Linux kernel when processing IPv6 packets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
84) Race condition (CVE-ID: CVE-2022-39188)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within include/asm-generic/tlb.h in the Linux kernel. A local user can exploit the race and escalate privileges on the system.
Note, this only occurs in situations with VM_PFNMAP VMAs.
85) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-39189)
The vulnerability allows a guest user to escalate privileges on the system.
The vulnerability exists due to incorrect handling of TLB flush operations in certain KVM_VCPU_PREEMPTED situations in the x86 KVM subsystem in the Linux kernel. An attacker with unprivileged access to the guest OS can escalate privileges on the guest.
86) Out-of-bounds read (CVE-ID: CVE-2022-39190)
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to an out-of-bounds read error within the net/netfilter/nf_tables_api.c in the Linux kernel. A local user can bind to an already bound chain and crash the kernel.
87) Integer overflow (CVE-ID: CVE-2022-39842)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the pxa3xx_gcu_write() function in drivers/video/fbdev/pxa3xx-gcu.c in Linux kernel. A local user can trigger an integer overflow and execute arbitrary code with escalated privileges.
88) Use-after-free (CVE-ID: CVE-2022-40307)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the drivers/firmware/efi/capsule-loader.c in Linux kernel. A local user can trigger a use-after-free error and perform a denial of service (DoS) attack.
89) Buffer overflow (CVE-ID: CVE-2022-4139)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the i915 kernel driver on Linux kernel. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
90) Resource management error (CVE-ID: CVE-2022-42328)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources. An attacker with access to the guest OS can trigger deadlock in Linux netback driver and perform a denial of service (DoS) attack of the host via the paravirtualized network interface.
91) Resource management error (CVE-ID: CVE-2022-42329)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources. An attacker with access to the guest OS can trigger deadlock in Linux netback driver and perform a denial of service (DoS) attack of the host via the paravirtualized network interface.
92) Out-of-bounds write (CVE-ID: CVE-2022-43750)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
93) Stack-based buffer overflow (CVE-ID: CVE-2022-4378)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the __do_proc_dointvec() function. A local user can trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.
94) Use-after-free (CVE-ID: CVE-2022-4379)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the __nfs42_ssc_open() function in fs/nfs/nfs4file.c. A remote attacker can perform a denial of service (DoS) attack.
95) Buffer overflow (CVE-ID: CVE-2022-43945)
The vulnerability allows a remote attacker to perform a denial of service attacl.
The vulnerability exists due to a boundary error within the Linux kernel NFSD implementation. A remote attacker can send the RPC message over TCP with garbage data added at the end of the message, trigger memory corruption and perform a denial of service (DoS) attack.
96) Race condition (CVE-ID: CVE-2022-45869)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to a race condition within the x86 KVM subsystem in the Linux kernel when nested virtualisation and the TDP MMU are enabled. A remote user on the guest OS can exploit the race and crash the host OS.
97) NULL pointer dereference (CVE-ID: CVE-2022-4842)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the attr_punch_hole() () function in Linux kernel NTFS3 driver. A local user can perform a denial of service (DoS) attack.
98) Input validation error (CVE-ID: CVE-2022-48619)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the input_set_capability() function in drivers/input/input.c. A local user can crash the OS kernel.
99) Integer overflow (CVE-ID: CVE-2023-0179)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an integer overflow within the nft_payload_copy_vlan() function in Linux kernel Netfilter. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
100) NULL pointer dereference (CVE-ID: CVE-2023-0394)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the rawv6_push_pending_frames() function in net/ipv6/raw.c. A local user can run a specially crafted program on the system and perform a denial of service (DoS) attack.
101) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2023-0459)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper implementation of speculative execution barriers in usercopy functions
in certain situations. A local user can gain access to sensitive information.
102) Use-after-free (CVE-ID: CVE-2023-0461)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the Upper Level Protocol (ULP) subsystem in Linux kernel caused by improper handling of sockets entering the LISTEN state in certain protocols. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
103) Use-after-free (CVE-ID: CVE-2023-0469)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error during the cleanup call within the io_install_fixed_file() function in io_uring/filetable.c. A local user can trigger a use-after-free error and perform a denial of service (DoS) attack.
104) Use-after-free (CVE-ID: CVE-2023-0590)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the qdisc_graft() function in net/sched/sch_api.c. A local user can trigger a use-after-free error and crash the kernel.
105) Information exposure through microarchitectural state after transient execution (CVE-ID: CVE-2023-1637)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due speculative execution behavior in the Linux kernel X86 CPU Power management options functionality. A local user can gain access to sensitive information.
106) Improper update of reference count (CVE-ID: CVE-2023-2019)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper update of reference count within the scheduling of events in drivers/net/netdevsim/fib.c. A local privileged user can perform a denial of service (DoS) attack.
107) NULL pointer dereference (CVE-ID: CVE-2023-2177)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the net/sctp/stream_sched.c in Linux kernel. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
108) Use-after-free (CVE-ID: CVE-2023-26544)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the run_unpack() function in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
109) Use-after-free (CVE-ID: CVE-2023-3111)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the prepare_to_relocate() function in fs/btrfs/relocation.c in btrfs in the Linux Kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
110) NULL pointer dereference (CVE-ID: CVE-2023-3357)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel AMD Sensor Fusion Hub driver. A local user can perform a denial of service (DoS) attack.
111) Double Free (CVE-ID: CVE-2023-4387)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary error within the vmxnet3_rq_alloc_rx_buf() function in drivers/net/vmxnet3/vmxnet3_drv.c in VMware vmxnet3 ethernet NIC driver. A local user can trigger a double free error and gain access to sensitive information or crash the kernel.
112) NULL pointer dereference (CVE-ID: CVE-2023-4459)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the vmxnet3_rq_cleanup() function in drivers/net/vmxnet3/vmxnet3_drv.c. A local user can perform a denial of service (DoS) attack.
113) Use-after-free (CVE-ID: CVE-2024-0562)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further
write-back and waits for associated delayed work to complete. However,
wb_inode_writeback_end() may schedule bandwidth estimation work after
this has completed, which can result in the timer attempting to access
the recently freed bdi_writeback. A local user can execute arbitrary code with elevated privileges.
114) Buffer overflow (CVE-ID: CVE-2021-22543)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in Linux kernel when handling VM_IO|VM_PFNMAP vmas in KVM. A local user can can bypass RO checks and cause the pages to get freed while still accessible by the VMM and guest. As a result, an attacker with the ability to start and control a VM to read/write random pages of memory, can trigger memory corruption and execute arbitrary code with elevated privileges.
Remediation
Install update from vendor's website.