[ALAS2-2022-1768] Amazon Linux 2 2017.12 - ALAS2-2022-1768: important priority package update for kernel
Severity
Important
Affected Packages
26
CVEs
4
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2022-20368:
An out-of-bounds access issue was found in the Linux kernel networking subsystem in the way raw packet sockets (AF_PACKET) used PACKET_COPY_THRESH and mmap operations. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow resulting in a system crash or privilege escalation.
CVE-2022-1016:
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle return with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.
CVE-2022-1015:
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.
- ID
- ALAS2-2022-1768
- Severity
- important
- URL
- https://alas.aws.amazon.com/AL2/ALAS-2022-1768.html
- Published
-
2022-04-04T23:21:00
(2 years ago) - Modified
-
2023-02-17T00:13:00
(19 months ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
-
ALAS-2022-1577
-
ALSA-2022:7683
-
ALSA-2022:8267
-
DSA-5127-1
-
DSA-5173-1
-
ELSA-2022-10065
-
ELSA-2022-7683
-
ELSA-2022-8267
-
ELSA-2022-9266
-
ELSA-2022-9267
-
ELSA-2022-9270
-
ELSA-2022-9271
-
ELSA-2022-9273
-
ELSA-2022-9274
-
ELSA-2022-9313
-
ELSA-2022-9314
-
ELSA-2022-9348
-
ELSA-2022-9365
-
ELSA-2022-9368
-
ELSA-2022-9533
-
ELSA-2022-9534
-
ELSA-2023-12759
-
MS:CVE-2022-1015
-
MS:CVE-2022-1016
-
RHSA-2022:7444
-
RHSA-2022:7683
-
RHSA-2022:7933
-
RHSA-2022:8267
-
RLSA-2022:7683
-
SSA:2022-129-01
-
SUSE-SU-2022:1163-1
-
SUSE-SU-2022:1183-1
-
SUSE-SU-2022:1196-1
-
SUSE-SU-2022:1197-1
-
SUSE-SU-2022:1255-1
-
SUSE-SU-2022:1256-1
-
SUSE-SU-2022:1257-1
-
SUSE-SU-2022:1266-1
-
SUSE-SU-2022:1267-1
-
SUSE-SU-2022:1270-1
-
SUSE-SU-2022:1283-1
-
SUSE-SU-2022:1318-1
-
SUSE-SU-2022:1320-1
-
SUSE-SU-2022:1322-1
-
SUSE-SU-2022:1326-1
-
SUSE-SU-2022:1329-1
-
SUSE-SU-2022:1335-1
-
SUSE-SU-2022:1369-1
-
SUSE-SU-2022:1402-1
-
SUSE-SU-2022:1407-1
-
SUSE-SU-2022:1440-1
-
SUSE-SU-2022:1453-1
-
SUSE-SU-2022:1486-1
-
SUSE-SU-2022:2268-1
-
SUSE-SU-2022:2520-1
-
SUSE-SU-2022:2615-1
-
SUSE-SU-2022:3263-1
-
SUSE-SU-2022:3264-1
-
SUSE-SU-2022:3265-1
-
SUSE-SU-2022:3274-1
-
SUSE-SU-2022:3282-1
-
SUSE-SU-2022:3288-1
-
SUSE-SU-2022:3291-1
-
SUSE-SU-2022:3293-1
-
SUSE-SU-2022:3294-1
-
SUSE-SU-2022:3408-1
-
SUSE-SU-2022:3422-1
-
SUSE-SU-2022:3450-1
-
SUSE-SU-2022:3609-1
-
SUSE-SU-2022:3809-1
-
SUSE-SU-2022:4617-1
-
SUSE-SU-2023:0416-1
-
SUSE-SU-2024:2892-1
-
SUSE-SU-2024:2894-1
-
SUSE-SU-2024:2901-1
-
SUSE-SU-2024:2929-1
-
SUSE-SU-2024:2939-1
-
SUSE-SU-2024:2940-1
-
SUSE-SU-2024:2947-1
-
SUSE-SU-2024:3249-1
-
USN-5381-1
-
USN-5383-1
-
USN-5390-1
-
USN-5390-2
-
USN-5415-1
-
USN-5466-1
-
USN-5580-1
-
USN-5650-1
-
USN-6001-1
-
USN-6013-1
-
USN-6014-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2022-1015 |
|
|
| CVE | CVE-2022-1016 |
|
|
| CVE | CVE-2022-20368 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/amazonlinux/python-perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
 python-perf
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/python-perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
python-perf
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
python-perf-debuginfo
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
python-perf-debuginfo
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
perf
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
perf
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
perf-debuginfo
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
perf-debuginfo
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-tools
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-tools
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-tools-devel
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-tools-devel
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-tools-debuginfo
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-tools-debuginfo
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-livepatch-4.14.273-207.502?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-livepatch-4.14.273-207.502
|
< 1.0-0.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-headers
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-2 | amazonlinux |
kernel-headers
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-headers
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-devel
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-devel
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-debuginfo
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-debuginfo
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-debuginfo-common-x86_64
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-aarch64?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-debuginfo-common-aarch64
|
< 4.14.273-207.502.amzn2 | amazonlinux-2 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |