[ALAS-2022-1581] Amazon Linux AMI 2014.03 - ALAS-2022-1581: important priority package update for kernel
Severity
Important
Affected Packages
20
CVEs
3
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2022-28356:
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.
CVE-2022-27666:
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
CVE-2022-26490:
A buffer overflow flaw was found in the Linux kernel's NFC protocol functionality. This flaw allows a local user to crash or escalate their privileges on the system.
- ID
- ALAS-2022-1581
- Severity
- important
- URL
- https://alas.aws.amazon.com/ALAS-2022-1581.html
- Published
-
2022-04-18T19:46:00
(2 years ago) - Modified
-
2022-04-19T18:47:00
(2 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
- ALAS2-2022-1774
- ALSA-2022:5249
- ALSA-2022:5316
- DSA-5127-1
- DSA-5173-1
- ELSA-2022-5249
- ELSA-2022-5316
- ELSA-2022-9365
- ELSA-2022-9366
- ELSA-2022-9367
- ELSA-2022-9368
- FEDORA-2022-9342e59a98
- FEDORA-2022-de4474b89d
- MS:CVE-2022-26490
- MS:CVE-2022-27666
- MS:CVE-2022-28356
- openSUSE-SU-2022:1037-1
- openSUSE-SU-2022:1039-1
- RHSA-2022:5214
- RHSA-2022:5219
- RHSA-2022:5249
- RHSA-2022:5267
- RHSA-2022:5316
- RHSA-2022:5344
- RLSA-2022:5316
- SSA:2022-129-01
- SUSE-SU-2022:1037-1
- SUSE-SU-2022:1038-1
- SUSE-SU-2022:1039-1
- SUSE-SU-2022:1163-1
- SUSE-SU-2022:1172-1
- SUSE-SU-2022:1182-1
- SUSE-SU-2022:1183-1
- SUSE-SU-2022:1189-1
- SUSE-SU-2022:1192-1
- SUSE-SU-2022:1193-1
- SUSE-SU-2022:1194-1
- SUSE-SU-2022:1196-1
- SUSE-SU-2022:1197-1
- SUSE-SU-2022:1212-1
- SUSE-SU-2022:1215-1
- SUSE-SU-2022:1223-1
- SUSE-SU-2022:1224-1
- SUSE-SU-2022:1230-1
- SUSE-SU-2022:1242-1
- SUSE-SU-2022:1246-1
- SUSE-SU-2022:1248-1
- SUSE-SU-2022:1255-1
- SUSE-SU-2022:1256-1
- SUSE-SU-2022:1257-1
- SUSE-SU-2022:1261-1
- SUSE-SU-2022:1266-1
- SUSE-SU-2022:1267-1
- SUSE-SU-2022:1268-1
- SUSE-SU-2022:1269-1
- SUSE-SU-2022:1270-1
- SUSE-SU-2022:1278-1
- SUSE-SU-2022:1283-1
- SUSE-SU-2022:1303-1
- SUSE-SU-2022:1402-1
- SUSE-SU-2022:1407-1
- SUSE-SU-2022:1668-1
- SUSE-SU-2022:1669-1
- SUSE-SU-2022:1676-1
- SUSE-SU-2022:1686-1
- SUSE-SU-2022:1687-1
- SUSE-SU-2022:2520-1
- SUSE-SU-2022:2615-1
- SUSE-SU-2022:2699-1
- SUSE-SU-2022:2700-1
- SUSE-SU-2022:2709-1
- SUSE-SU-2022:2726-1
- SUSE-SU-2022:2728-1
- SUSE-SU-2022:2738-1
- SUSE-SU-2022:2745-1
- SUSE-SU-2022:2766-1
- SUSE-SU-2022:2770-1
- SUSE-SU-2022:2776-1
- SUSE-SU-2022:2780-1
- SUSE-SU-2022:2783-1
- SUSE-SU-2022:2789-1
- SUSE-SU-2022:2854-1
- SUSE-SU-2022:3288-1
- SUSE-SU-2022:3293-1
- SUSE-SU-2022:4617-1
- SUSE-SU-2023:0416-1
- USN-5353-1
- USN-5357-1
- USN-5357-2
- USN-5358-1
- USN-5358-2
- USN-5368-1
- USN-5377-1
- USN-5381-1
- USN-5390-1
- USN-5390-2
- USN-5413-1
- USN-5415-1
- USN-5417-1
- USN-5418-1
- USN-5466-1
- USN-5467-1
- USN-5469-1
- USN-5500-1
- USN-5505-1
- USN-5513-1
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2022-26490 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26490 | |
CVE | CVE-2022-27666 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27666 | |
CVE | CVE-2022-28356 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28356 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-1 | amazonlinux | perf | < 4.14.275-142.503.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=i686&distro=amazonlinux-1 | amazonlinux | perf | < 4.14.275-142.503.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | perf-debuginfo | < 4.14.275-142.503.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | perf-debuginfo | < 4.14.275-142.503.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel | < 4.14.275-142.503.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel | < 4.14.275-142.503.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-tools | < 4.14.275-142.503.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-tools | < 4.14.275-142.503.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-tools-devel | < 4.14.275-142.503.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-tools-devel | < 4.14.275-142.503.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-tools-debuginfo | < 4.14.275-142.503.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-tools-debuginfo | < 4.14.275-142.503.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-headers | < 4.14.275-142.503.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-headers | < 4.14.275-142.503.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-devel | < 4.14.275-142.503.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-devel | < 4.14.275-142.503.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo | < 4.14.275-142.503.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo | < 4.14.275-142.503.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo-common-x86_64 | < 4.14.275-142.503.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-i686?arch=i686&distro=amazonlinux-1 | amazonlinux | kernel-debuginfo-common-i686 | < 4.14.275-142.503.amzn1 | amazonlinux-1 | i686 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |