ALSA-2022:8267

See a problem?
Please try reporting it to the source first.

Source

https://errata.almalinux.org/9/ALSA-2022-8267.html

Import Source

https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2022:8267.json

JSON Data

https://api.osv.dev/v1/vulns/ALSA-2022:8267

Related

CVE-2020-36516
CVE-2021-3640
CVE-2022-0168
CVE-2022-0617
CVE-2022-0854
CVE-2022-1016
CVE-2022-1048
CVE-2022-1184
CVE-2022-1280
CVE-2022-1353
CVE-2022-1679
CVE-2022-1852
CVE-2022-1998
CVE-2022-20368
CVE-2022-21123
CVE-2022-21125
CVE-2022-21166
CVE-2022-21499
CVE-2022-23816
CVE-2022-23825
CVE-2022-24448
CVE-2022-2586
CVE-2022-26373
CVE-2022-2639
CVE-2022-28390
CVE-2022-28893
CVE-2022-29581
CVE-2022-29900
CVE-2022-29901
CVE-2022-36946
CVE-2022-39190

Published

2022-11-15T00:00:00Z

Modified

2022-11-18T00:56:49Z

Summary

Moderate: kernel security, bug fix, and enhancement update

Details

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)
use-after-free vulnerability in function scosocksendmsg() (CVE-2021-3640)
smb2ioctlquery_info NULL pointer dereference (CVE-2022-0168)
NULL pointer dereference in udfexpandfile_adinicbdue() during writeback (CVE-2022-0617)
swiotlb information leak with DMAFROMDEVICE (CVE-2022-0854)
uninitialized registers on stack in nftdochain can cause kernel pointer leakage to UM (CVE-2022-1016)
race condition in sndpcmhw_free leading to use-after-free (CVE-2022-1048)
use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)
concurrency use-after-free between drmsetmasterioctl and drmmodegetresources (CVE-2022-1280)
kernel info leak issue in pfkey_register (CVE-2022-1353)
use-after-free in ath9khtcprobe_device() could cause an escalation of privileges (CVE-2022-1679)
NULL pointer dereference in x86emulateinsn may lead to DoS (CVE-2022-1852)
fanotify misuses fd_install() which could lead to use-after-free (CVE-2022-1998)
nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)
integer underflow leads to out-of-bounds write in reservesfasize() (CVE-2022-2639)
slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)
incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)
incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)
incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)
possible to use the debugger to write zero into a location of choice (CVE-2022-21499)
AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)
AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)
Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)
double free in emsusbstartxmit in drivers/net/can/usb/emsusb.c (CVE-2022-28390)
use after free in SUNRPC subsystem (CVE-2022-28893)
use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)
Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)
DoS in nfqnlmangle in net/netfilter/nfnetlinkqueue.c (CVE-2022-36946)
nf_tables disallow binding to already bound chain (CVE-2022-39190)
nfsatomicopen() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

Affected packages

AlmaLinux:9 / bpftool

Package

Name: bpftool

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel

Package

Name: kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-abi-stablelists

Package

Name: kernel-abi-stablelists

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-core

Package

Name: kernel-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-cross-headers

Package

Name: kernel-cross-headers

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-debug

Package

Name: kernel-debug

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-debug-core

Package

Name: kernel-debug-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-debug-devel

Package

Name: kernel-debug-devel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-debug-devel-matched

Package

Name: kernel-debug-devel-matched

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-debug-modules

Package

Name: kernel-debug-modules

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-debug-modules-extra

Package

Name: kernel-debug-modules-extra

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-devel

Package

Name: kernel-devel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-devel-matched

Package

Name: kernel-devel-matched

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-doc

Package

Name: kernel-doc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-headers

Package

Name: kernel-headers

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-modules

Package

Name: kernel-modules

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-modules-extra

Package

Name: kernel-modules-extra

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-tools

Package

Name: kernel-tools

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-tools-libs

Package

Name: kernel-tools-libs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-tools-libs-devel

Package

Name: kernel-tools-libs-devel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-zfcpdump

Package

Name: kernel-zfcpdump

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-zfcpdump-core

Package

Name: kernel-zfcpdump-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-zfcpdump-devel

Package

Name: kernel-zfcpdump-devel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-zfcpdump-devel-matched

Package

Name: kernel-zfcpdump-devel-matched

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-zfcpdump-modules

Package

Name: kernel-zfcpdump-modules

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / kernel-zfcpdump-modules-extra

Package

Name: kernel-zfcpdump-modules-extra

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / perf

Package

Name: perf

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1

AlmaLinux:9 / python3-perf

Package

Name: python3-perf

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.0-162.6.1.el9_1