ALSA-2022:7683
See a problem?- Source
- https://errata.almalinux.org/8/ALSA-2022-7683.html
- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:7683.json
- JSON Data
- https://api.osv.dev/v1/vulns/ALSA-2022:7683
- Related
- Published
- 2022-11-08T00:00:00Z
- Modified
- 2022-11-11T21:27:25Z
- Summary
- Moderate: kernel security, bug fix, and enhancement update
- Details
-
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
- off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)
- race condition in VTRESIZEX ioctl when vccons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)
- use-after-free vulnerability in function scosocksendmsg() (CVE-2021-3640)
- memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)
- smb2ioctlquery_info NULL Pointer Dereference (CVE-2022-0168)
- NULL pointer dereference in udfexpandfile_adinicbdue() during writeback (CVE-2022-0617)
- swiotlb information leak with DMAFROMDEVICE (CVE-2022-0854)
- uninitialized registers on stack in nftdochain can cause kernel pointer leakage to UM (CVE-2022-1016)
- race condition in sndpcmhw_free leading to use-after-free (CVE-2022-1048)
- use-after-free in tcnewtfilter() in net/sched/cls_api.c (CVE-2022-1055)
- use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)
- NULL pointer dereference in x86emulateinsn may lead to DoS (CVE-2022-1852)
- buffer overflow in nftsetdescconcatparse() (CVE-2022-2078)
- nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)
- openvswitch: integer underflow leads to out-of-bounds write in reservesfasize() (CVE-2022-2639)
- use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)
- net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)
- possible to use the debugger to write zero into a location of choice (CVE-2022-21499)
- Spectre-BHB (CVE-2022-23960)
- Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)
- memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)
- double free in emsusbstartxmit in drivers/net/can/usb/emsusb.c (CVE-2022-28390)
- use after free in SUNRPC subsystem (CVE-2022-28893)
- use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)
- DoS in nfqnlmangle in net/netfilter/nfnetlinkqueue.c (CVE-2022-36946)
- nfsatomicopen() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
- References
-
- https://access.redhat.com/errata/RHSA-2022:7683
- https://access.redhat.com/security/cve/CVE-2020-36516
- https://access.redhat.com/security/cve/CVE-2020-36558
- https://access.redhat.com/security/cve/CVE-2021-30002
- https://access.redhat.com/security/cve/CVE-2021-3640
- https://access.redhat.com/security/cve/CVE-2022-0168
- https://access.redhat.com/security/cve/CVE-2022-0617
- https://access.redhat.com/security/cve/CVE-2022-0854
- https://access.redhat.com/security/cve/CVE-2022-1016
- https://access.redhat.com/security/cve/CVE-2022-1048
- https://access.redhat.com/security/cve/CVE-2022-1055
- https://access.redhat.com/security/cve/CVE-2022-1184
- https://access.redhat.com/security/cve/CVE-2022-1852
- https://access.redhat.com/security/cve/CVE-2022-20368
- https://access.redhat.com/security/cve/CVE-2022-2078
- https://access.redhat.com/security/cve/CVE-2022-21499
- https://access.redhat.com/security/cve/CVE-2022-23960
- https://access.redhat.com/security/cve/CVE-2022-24448
- https://access.redhat.com/security/cve/CVE-2022-2586
- https://access.redhat.com/security/cve/CVE-2022-26373
- https://access.redhat.com/security/cve/CVE-2022-2639
- https://access.redhat.com/security/cve/CVE-2022-27950
- https://access.redhat.com/security/cve/CVE-2022-28390
- https://access.redhat.com/security/cve/CVE-2022-28893
- https://access.redhat.com/security/cve/CVE-2022-2938
- https://access.redhat.com/security/cve/CVE-2022-29581
- https://access.redhat.com/security/cve/CVE-2022-36946
- https://bugzilla.redhat.com/1946279
- https://bugzilla.redhat.com/1980646
- https://bugzilla.redhat.com/2037386
- https://bugzilla.redhat.com/2051444
- https://bugzilla.redhat.com/2053632
- https://bugzilla.redhat.com/2058395
- https://bugzilla.redhat.com/2059928
- https://bugzilla.redhat.com/2062284
- https://bugzilla.redhat.com/2066614
- https://bugzilla.redhat.com/2066706
- https://bugzilla.redhat.com/2069408
- https://bugzilla.redhat.com/2070205
- https://bugzilla.redhat.com/2070220
- https://bugzilla.redhat.com/2073064
- https://bugzilla.redhat.com/2074208
- https://bugzilla.redhat.com/2084183
- https://bugzilla.redhat.com/2084479
- https://bugzilla.redhat.com/2088021
- https://bugzilla.redhat.com/2089815
- https://bugzilla.redhat.com/2096178
- https://bugzilla.redhat.com/2112693
- https://bugzilla.redhat.com/2114878
- https://bugzilla.redhat.com/2115065
- https://bugzilla.redhat.com/2115278
- https://bugzilla.redhat.com/2120175
- https://bugzilla.redhat.com/2123695
- https://errata.almalinux.org/8/ALSA-2022-7683.html
Affected packages
AlmaLinux:8 / bpftool
Package
- Name
- bpftool
AlmaLinux:8 / kernel
Package
- Name
- kernel
AlmaLinux:8 / kernel-abi-stablelists
Package
- Name
- kernel-abi-stablelists
AlmaLinux:8 / kernel-core
Package
- Name
- kernel-core
AlmaLinux:8 / kernel-cross-headers
Package
- Name
- kernel-cross-headers
AlmaLinux:8 / kernel-debug
Package
- Name
- kernel-debug
AlmaLinux:8 / kernel-debug-core
Package
- Name
- kernel-debug-core
AlmaLinux:8 / kernel-debug-devel
Package
- Name
- kernel-debug-devel
AlmaLinux:8 / kernel-debug-modules
Package
- Name
- kernel-debug-modules
AlmaLinux:8 / kernel-debug-modules-extra
Package
- Name
- kernel-debug-modules-extra
AlmaLinux:8 / kernel-devel
Package
- Name
- kernel-devel
AlmaLinux:8 / kernel-doc
Package
- Name
- kernel-doc
AlmaLinux:8 / kernel-headers
Package
- Name
- kernel-headers
AlmaLinux:8 / kernel-modules
Package
- Name
- kernel-modules
AlmaLinux:8 / kernel-modules-extra
Package
- Name
- kernel-modules-extra
AlmaLinux:8 / kernel-tools
Package
- Name
- kernel-tools
AlmaLinux:8 / kernel-tools-libs
Package
- Name
- kernel-tools-libs
AlmaLinux:8 / kernel-tools-libs-devel
Package
- Name
- kernel-tools-libs-devel
AlmaLinux:8 / kernel-zfcpdump
Package
- Name
- kernel-zfcpdump
AlmaLinux:8 / kernel-zfcpdump-core
Package
- Name
- kernel-zfcpdump-core
AlmaLinux:8 / kernel-zfcpdump-devel
Package
- Name
- kernel-zfcpdump-devel
AlmaLinux:8 / kernel-zfcpdump-modules
Package
- Name
- kernel-zfcpdump-modules
AlmaLinux:8 / kernel-zfcpdump-modules-extra
Package
- Name
- kernel-zfcpdump-modules-extra
AlmaLinux:8 / perf
Package
- Name
- perf