[ALAS2-2022-1768] Amazon Linux 2 2017.12 - ALAS2-2022-1768: important priority package update for kernel
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2022-20368:
An out-of-bounds access issue was found in the Linux kernel networking subsystem in the way raw packet sockets (AF_PACKET) used PACKET_COPY_THRESH and mmap operations. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow resulting in a system crash or privilege escalation.
CVE-2022-1016:
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle return with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.
CVE-2022-1015:
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.
- ID
- ALAS2-2022-1768
- Severity
- important
- URL
- https://alas.aws.amazon.com/AL2/ALAS-2022-1768.html
- Published
-
2022-04-04T23:21:00
(2 years ago) - Modified
-
2023-02-17T00:13:00
(19 months ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
- ALAS-2022-1577
- ALSA-2022:7683
- ALSA-2022:8267
- DSA-5127-1
- DSA-5173-1
- ELSA-2022-10065
- ELSA-2022-7683
- ELSA-2022-8267
- ELSA-2022-9266
- ELSA-2022-9267
- ELSA-2022-9270
- ELSA-2022-9271
- ELSA-2022-9273
- ELSA-2022-9274
- ELSA-2022-9313
- ELSA-2022-9314
- ELSA-2022-9348
- ELSA-2022-9365
- ELSA-2022-9368
- ELSA-2022-9533
- ELSA-2022-9534
- ELSA-2023-12759
- MS:CVE-2022-1015
- MS:CVE-2022-1016
- RHSA-2022:7444
- RHSA-2022:7683
- RHSA-2022:7933
- RHSA-2022:8267
- RLSA-2022:7683
- SSA:2022-129-01
- SUSE-SU-2022:1163-1
- SUSE-SU-2022:1183-1
- SUSE-SU-2022:1196-1
- SUSE-SU-2022:1197-1
- SUSE-SU-2022:1255-1
- SUSE-SU-2022:1256-1
- SUSE-SU-2022:1257-1
- SUSE-SU-2022:1266-1
- SUSE-SU-2022:1267-1
- SUSE-SU-2022:1270-1
- SUSE-SU-2022:1283-1
- SUSE-SU-2022:1318-1
- SUSE-SU-2022:1320-1
- SUSE-SU-2022:1322-1
- SUSE-SU-2022:1326-1
- SUSE-SU-2022:1329-1
- SUSE-SU-2022:1335-1
- SUSE-SU-2022:1369-1
- SUSE-SU-2022:1402-1
- SUSE-SU-2022:1407-1
- SUSE-SU-2022:1440-1
- SUSE-SU-2022:1453-1
- SUSE-SU-2022:1486-1
- SUSE-SU-2022:2268-1
- SUSE-SU-2022:2520-1
- SUSE-SU-2022:2615-1
- SUSE-SU-2022:3263-1
- SUSE-SU-2022:3264-1
- SUSE-SU-2022:3265-1
- SUSE-SU-2022:3274-1
- SUSE-SU-2022:3282-1
- SUSE-SU-2022:3288-1
- SUSE-SU-2022:3291-1
- SUSE-SU-2022:3293-1
- SUSE-SU-2022:3294-1
- SUSE-SU-2022:3408-1
- SUSE-SU-2022:3422-1
- SUSE-SU-2022:3450-1
- SUSE-SU-2022:3609-1
- SUSE-SU-2022:3809-1
- SUSE-SU-2022:4617-1
- SUSE-SU-2023:0416-1
- SUSE-SU-2024:2892-1
- SUSE-SU-2024:2894-1
- SUSE-SU-2024:2901-1
- SUSE-SU-2024:2929-1
- SUSE-SU-2024:2939-1
- SUSE-SU-2024:2940-1
- SUSE-SU-2024:2947-1
- SUSE-SU-2024:3249-1
- USN-5381-1
- USN-5383-1
- USN-5390-1
- USN-5390-2
- USN-5415-1
- USN-5466-1
- USN-5580-1
- USN-5650-1
- USN-6001-1
- USN-6013-1
- USN-6014-1
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2022-1015 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1015 | |
CVE | CVE-2022-1016 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1016 | |
CVE | CVE-2022-20368 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20368 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/python-perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux | python-perf | < 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/python-perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux | python-perf | < 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | python-perf-debuginfo | < 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | python-perf-debuginfo | < 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux | perf | < 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux | perf | < 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | perf-debuginfo | < 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | perf-debuginfo | < 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel | < 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel | < 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools | < 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools | < 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools-devel | < 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools-devel | < 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools-debuginfo | < 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools-debuginfo | < 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-livepatch-4.14.273-207.502?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-livepatch-4.14.273-207.502 | < 1.0-0.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.273-207.502.amzn2 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-devel | < 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-devel | < 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo | < 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo | < 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo-common-x86_64 | < 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-aarch64?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo-common-aarch64 | < 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |