[ALAS2-2022-1876] Amazon Linux 2 2017.12 - ALAS2-2022-1876: important priority package update for kernel
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2022-43750:
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.
CVE-2022-41850:
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.
CVE-2022-41849:
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.
CVE-2022-40768:
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
CVE-2022-39842:
An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur.
CVE-2022-3649:
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.
CVE-2022-3646:
A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.
CVE-2022-3621:
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.
CVE-2022-3594:
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.
CVE-2022-3565:
A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.
CVE-2022-3542:
A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function bnx2x_tpa_stop of the file drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211042 is the identifier assigned to this vulnerability.
CVE-2022-2978:
A use-after-free flaw was found in the Linux kernel NILFS file system in the way a user triggers the function security_inode_alloc to fail, followed by a call to the function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
- ID: ALAS2-2022-1876
- Severity: important
- URL: https://alas.aws.amazon.com/AL2/ALAS-2022-1876.html
- Published: 2022-10-31T19:40:00
- Modified: 2023-01-18T00:18:00
- Rights: Amazon Linux Security Team
- Other Advisories:
- ALAS-2022-1645
- ALSA-2023:2458
- ALSA-2023:2951
- ALSA-2023:7077
- ALSA-2024:3138
- DSA-5257-1
- ELSA-2022-10065
- ELSA-2022-10072
- ELSA-2022-10073
- ELSA-2022-10079
- ELSA-2022-10081
- ELSA-2022-10108
- ELSA-2023-1987
- ELSA-2023-2458
- ELSA-2023-2951
- ELSA-2023-6583
- ELSA-2023-7077
- ELSA-2024-3138
- FEDORA-2022-1a5b125ac6
- FEDORA-2022-2cfbe17910
- FEDORA-2022-b948fc3cfb
- MS:CVE-2022-3542
- MS:CVE-2022-3594
- MS:CVE-2022-39842
- MS:CVE-2022-40768
- MS:CVE-2022-41849
- MS:CVE-2022-41850
- MS:CVE-2022-43750
- RHSA-2023:1987
- RHSA-2023:1988
- RHSA-2023:2148
- RHSA-2023:2458
- RHSA-2023:2736
- RHSA-2023:2951
- RHSA-2023:6901
- RHSA-2023:7077
- RHSA-2024:2950
- RHSA-2024:3138
- RLSA-2024:3138
- SSA:2022-333-01
- SUSE-SU-2022:3585-1
- SUSE-SU-2022:3609-1
- SUSE-SU-2022:3704-1
- SUSE-SU-2022:3775-1
- SUSE-SU-2022:3809-1
- SUSE-SU-2022:3810-1
- SUSE-SU-2022:3844-1
- SUSE-SU-2022:3897-1
- SUSE-SU-2022:3929-1
- SUSE-SU-2022:3930-1
- SUSE-SU-2022:3998-1
- SUSE-SU-2022:4053-1
- SUSE-SU-2022:4072-1
- SUSE-SU-2022:4272-1
- SUSE-SU-2022:4273-1
- SUSE-SU-2022:4503-1
- SUSE-SU-2022:4504-1
- SUSE-SU-2022:4505-1
- SUSE-SU-2022:4561-1
- SUSE-SU-2022:4566-1
- SUSE-SU-2022:4573-1
- SUSE-SU-2022:4574-1
- SUSE-SU-2022:4585-1
- SUSE-SU-2022:4589-1
- SUSE-SU-2022:4611-1
- SUSE-SU-2022:4613-1
- SUSE-SU-2022:4614-1
- SUSE-SU-2022:4615-1
- SUSE-SU-2022:4616-1
- SUSE-SU-2022:4617-1
- SUSE-SU-2023:0226-1
- SUSE-SU-2023:0238-1
- SUSE-SU-2023:0250-1
- SUSE-SU-2023:0263-1
- SUSE-SU-2023:0271-1
- SUSE-SU-2023:0416-1
- SUSE-SU-2024:1641-1
- SUSE-SU-2024:1642-1
- SUSE-SU-2024:1643-1
- SUSE-SU-2024:1644-1
- SUSE-SU-2024:1645-1
- SUSE-SU-2024:1646-1
- SUSE-SU-2024:1647-1
- SUSE-SU-2024:1648-1
- SUSE-SU-2024:1650-1
- SUSE-SU-2024:1659-1
- SUSE-SU-2024:1663-1
- SUSE-SU-2024:1677-1
- SUSE-SU-2024:1679-1
- SUSE-SU-2024:1680-1
- SUSE-SU-2024:1682-1
- SUSE-SU-2024:1683-1
- SUSE-SU-2024:1685-1
- SUSE-SU-2024:1686-1
- SUSE-SU-2024:1692-1
- SUSE-SU-2024:1694-1
- SUSE-SU-2024:1695-1
- SUSE-SU-2024:1696-1
- SUSE-SU-2024:1705-1
- SUSE-SU-2024:1706-1
- SUSE-SU-2024:1707-1
- SUSE-SU-2024:1708-1
- SUSE-SU-2024:1709-1
- SUSE-SU-2024:1711-1
- SUSE-SU-2024:1712-1
- SUSE-SU-2024:1713-1
- SUSE-SU-2024:1719-1
- SUSE-SU-2024:1720-1
- SUSE-SU-2024:1723-1
- SUSE-SU-2024:1726-1
- SUSE-SU-2024:1729-1
- SUSE-SU-2024:1730-1
- SUSE-SU-2024:1731-1
- SUSE-SU-2024:1732-1
- SUSE-SU-2024:1735-1
- SUSE-SU-2024:1736-1
- SUSE-SU-2024:1738-1
- SUSE-SU-2024:1739-1
- SUSE-SU-2024:1740-1
- SUSE-SU-2024:1742-1
- SUSE-SU-2024:1746-1
- SUSE-SU-2024:1748-1
- SUSE-SU-2024:1749-1
- SUSE-SU-2024:1750-1
- SUSE-SU-2024:1751-1
- SUSE-SU-2024:1753-1
- SUSE-SU-2024:1757-1
- SUSE-SU-2024:1759-1
- SUSE-SU-2024:1760-1
- SUSE-SU-2024:1870-1
- SUSE-SU-2024:1983-1
- SUSE-SU-2024:2011-1
- SUSE-SU-2024:2092-1
- SUSE-SU-2024:2100-1
- SUSE-SU-2024:2101-1
- SUSE-SU-2024:2120-1
- SUSE-SU-2024:2121-1
- SUSE-SU-2024:2130-1
- SUSE-SU-2024:2139-1
- SUSE-SU-2024:2148-1
- SUSE-SU-2024:2162-1
- SUSE-SU-2024:2163-1
- SUSE-SU-2024:2184-1
- SUSE-SU-2024:2189-1
- SUSE-SU-2024:2191-1
- SUSE-SU-2024:2207-1
- SUSE-SU-2024:2208-1
- SUSE-SU-2024:2209-1
- SUSE-SU-2024:2335-1
- SUSE-SU-2024:2337-1
- SUSE-SU-2024:2343-1
- SUSE-SU-2024:2344-1
- SUSE-SU-2024:2357-1
- SUSE-SU-2024:2360-1
- SUSE-SU-2024:2373-1
- SUSE-SU-2024:2381-1
- SUSE-SU-2024:2382-1
- SUSE-SU-2024:2446-1
- SUSE-SU-2024:2447-1
- SUSE-SU-2024:2448-1
- SUSE-SU-2024:2472-1
- SUSE-SU-2024:2473-1
- SUSE-SU-2024:2558-1
- SUSE-SU-2024:2561-1
- SUSE-SU-2024:2722-1
- SUSE-SU-2024:2725-1
- SUSE-SU-2024:2740-1
- SUSE-SU-2024:2751-1
- SUSE-SU-2024:2755-1
- SUSE-SU-2024:2758-1
- SUSE-SU-2024:2773-1
- SUSE-SU-2024:2821-1
- SUSE-SU-2024:2824-1
- SUSE-SU-2024:2825-1
- SUSE-SU-2024:2840-1
- SUSE-SU-2024:2843-1
- SUSE-SU-2024:2850-1
- SUSE-SU-2024:2851-1
- SUSE-SU-2024:2894-1
- SUSE-SU-2024:2939-1
- SUSE-SU-2024:2947-1
- SUSE-SU-2024:3034-1
- SUSE-SU-2024:3037-1
- SUSE-SU-2024:3043-1
- SUSE-SU-2024:3044-1
- SUSE-SU-2024:3048-1
- USN-5650-1
- USN-5693-1
- USN-5727-1
- USN-5727-2
- USN-5728-1
- USN-5728-2
- USN-5728-3
- USN-5729-1
- USN-5729-2
- USN-5754-1
- USN-5754-2
- USN-5755-1
- USN-5755-2
- USN-5756-1
- USN-5756-2
- USN-5756-3
- USN-5757-1
- USN-5757-2
- USN-5758-1
- USN-5773-1
- USN-5774-1
- USN-5779-1
- USN-5789-1
- USN-5791-1
- USN-5791-2
- USN-5791-3
- USN-5792-1
- USN-5792-2
- USN-5793-1
- USN-5793-2
- USN-5793-3
- USN-5793-4
- USN-5815-1
- USN-5851-1
- USN-5853-1
- USN-5854-1
- USN-5860-1
- USN-5861-1
- USN-5862-1
- USN-5865-1
- USN-5874-1
- USN-5875-1
- USN-5876-1
- USN-5877-1
- USN-5883-1
- USN-5909-1
- USN-5913-1
- USN-5918-1
- USN-5919-1
- USN-5924-1
- USN-5975-1
- USN-5976-1
- USN-6001-1
- USN-6007-1
- USN-6013-1
- USN-6014-1
- USN-6031-1
- USN-6976-1
Source | ID | URL |
---|---|---|
CVE | CVE-2022-2978 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2978 |
CVE | CVE-2022-3542 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3542 |
CVE | CVE-2022-3565 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3565 |
CVE | CVE-2022-3594 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3594 |
CVE | CVE-2022-3621 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3621 |
CVE | CVE-2022-3646 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3646 |
CVE | CVE-2022-3649 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3649 |
CVE | CVE-2022-39842 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39842 |
CVE | CVE-2022-40768 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40768 |
CVE | CVE-2022-41849 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41849 |
CVE | CVE-2022-41850 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41850 |
CVE | CVE-2022-43750 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43750 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/python-perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux | python-perf | < 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/python-perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux | python-perf | < 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | python-perf-debuginfo | < 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | python-perf-debuginfo | < 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux | perf | < 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux | perf | < 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | perf-debuginfo | < 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | perf-debuginfo | < 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel | < 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel | < 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools | < 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools | < 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools-devel | < 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools-devel | < 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-tools-debuginfo | < 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-tools-debuginfo | < 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-livepatch-4.14.296-222.539?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-livepatch-4.14.296-222.539 | < 1.0-0.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.296-222.539.amzn2 | amazonlinux-2 | i686 | |
Affected | pkg:rpm/amazonlinux/kernel-headers?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-headers | < 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-devel | < 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-devel | < 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo | < 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo | < 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo-common-x86_64 | < 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-aarch64?arch=aarch64&distro=amazonlinux-2 | amazonlinux | kernel-debuginfo-common-aarch64 | < 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 |