[ALAS2-2022-1876] Amazon Linux 2 2017.12 - ALAS2-2022-1876: important priority package update for kernel
Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:
CVE-2022-43750:
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.
CVE-2022-41850:
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.
CVE-2022-41849:
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.
CVE-2022-40768:
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
CVE-2022-39842:
An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur.
CVE-2022-3649:
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.
CVE-2022-3646:
A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.
CVE-2022-3621:
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.
CVE-2022-3594:
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.
CVE-2022-3565:
A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.
CVE-2022-3542:
A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function bnx2x_tpa_stop of the file drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211042 is the identifier assigned to this vulnerability.
CVE-2022-2978:
A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
- ID
- ALAS2-2022-1876
- Severity
- important
- URL
- https://alas.aws.amazon.com/AL2/ALAS-2022-1876.html
- Published
-
2022-10-31T19:40:00
(22 months ago) - Modified
-
2023-01-18T00:18:00
(20 months ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
-
ALAS-2022-1645
-
ALSA-2023:2458
-
ALSA-2023:2951
-
ALSA-2023:7077
-
ALSA-2024:3138
-
DSA-5257-1
-
ELSA-2022-10065
-
ELSA-2022-10072
-
ELSA-2022-10073
-
ELSA-2022-10079
-
ELSA-2022-10081
-
ELSA-2022-10108
-
ELSA-2023-1987
-
ELSA-2023-2458
-
ELSA-2023-2951
-
ELSA-2023-6583
-
ELSA-2023-7077
-
ELSA-2024-3138
-
FEDORA-2022-1a5b125ac6
-
FEDORA-2022-2cfbe17910
-
FEDORA-2022-b948fc3cfb
-
MS:CVE-2022-3542
-
MS:CVE-2022-3594
-
MS:CVE-2022-39842
-
MS:CVE-2022-40768
-
MS:CVE-2022-41849
-
MS:CVE-2022-41850
-
MS:CVE-2022-43750
-
RHSA-2023:1987
-
RHSA-2023:1988
-
RHSA-2023:2148
-
RHSA-2023:2458
-
RHSA-2023:2736
-
RHSA-2023:2951
-
RHSA-2023:6901
-
RHSA-2023:7077
-
RHSA-2024:2950
-
RHSA-2024:3138
-
RLSA-2024:3138
-
SSA:2022-333-01
-
SUSE-SU-2022:3585-1
-
SUSE-SU-2022:3609-1
-
SUSE-SU-2022:3704-1
-
SUSE-SU-2022:3775-1
-
SUSE-SU-2022:3809-1
-
SUSE-SU-2022:3810-1
-
SUSE-SU-2022:3844-1
-
SUSE-SU-2022:3897-1
-
SUSE-SU-2022:3929-1
-
SUSE-SU-2022:3930-1
-
SUSE-SU-2022:3998-1
-
SUSE-SU-2022:4053-1
-
SUSE-SU-2022:4072-1
-
SUSE-SU-2022:4272-1
-
SUSE-SU-2022:4273-1
-
SUSE-SU-2022:4503-1
-
SUSE-SU-2022:4504-1
-
SUSE-SU-2022:4505-1
-
SUSE-SU-2022:4561-1
-
SUSE-SU-2022:4566-1
-
SUSE-SU-2022:4573-1
-
SUSE-SU-2022:4574-1
-
SUSE-SU-2022:4585-1
-
SUSE-SU-2022:4589-1
-
SUSE-SU-2022:4611-1
-
SUSE-SU-2022:4613-1
-
SUSE-SU-2022:4614-1
-
SUSE-SU-2022:4615-1
-
SUSE-SU-2022:4616-1
-
SUSE-SU-2022:4617-1
-
SUSE-SU-2023:0226-1
-
SUSE-SU-2023:0238-1
-
SUSE-SU-2023:0250-1
-
SUSE-SU-2023:0263-1
-
SUSE-SU-2023:0271-1
-
SUSE-SU-2023:0416-1
-
SUSE-SU-2024:1641-1
-
SUSE-SU-2024:1642-1
-
SUSE-SU-2024:1643-1
-
SUSE-SU-2024:1644-1
-
SUSE-SU-2024:1645-1
-
SUSE-SU-2024:1646-1
-
SUSE-SU-2024:1647-1
-
SUSE-SU-2024:1648-1
-
SUSE-SU-2024:1650-1
-
SUSE-SU-2024:1659-1
-
SUSE-SU-2024:1663-1
-
SUSE-SU-2024:1677-1
-
SUSE-SU-2024:1679-1
-
SUSE-SU-2024:1680-1
-
SUSE-SU-2024:1682-1
-
SUSE-SU-2024:1683-1
-
SUSE-SU-2024:1685-1
-
SUSE-SU-2024:1686-1
-
SUSE-SU-2024:1692-1
-
SUSE-SU-2024:1694-1
-
SUSE-SU-2024:1695-1
-
SUSE-SU-2024:1696-1
-
SUSE-SU-2024:1705-1
-
SUSE-SU-2024:1706-1
-
SUSE-SU-2024:1707-1
-
SUSE-SU-2024:1708-1
-
SUSE-SU-2024:1709-1
-
SUSE-SU-2024:1711-1
-
SUSE-SU-2024:1712-1
-
SUSE-SU-2024:1713-1
-
SUSE-SU-2024:1719-1
-
SUSE-SU-2024:1720-1
-
SUSE-SU-2024:1723-1
-
SUSE-SU-2024:1726-1
-
SUSE-SU-2024:1729-1
-
SUSE-SU-2024:1730-1
-
SUSE-SU-2024:1731-1
-
SUSE-SU-2024:1732-1
-
SUSE-SU-2024:1735-1
-
SUSE-SU-2024:1736-1
-
SUSE-SU-2024:1738-1
-
SUSE-SU-2024:1739-1
-
SUSE-SU-2024:1740-1
-
SUSE-SU-2024:1742-1
-
SUSE-SU-2024:1746-1
-
SUSE-SU-2024:1748-1
-
SUSE-SU-2024:1749-1
-
SUSE-SU-2024:1750-1
-
SUSE-SU-2024:1751-1
-
SUSE-SU-2024:1753-1
-
SUSE-SU-2024:1757-1
-
SUSE-SU-2024:1759-1
-
SUSE-SU-2024:1760-1
-
SUSE-SU-2024:1870-1
-
SUSE-SU-2024:1983-1
-
SUSE-SU-2024:2011-1
-
SUSE-SU-2024:2092-1
-
SUSE-SU-2024:2100-1
-
SUSE-SU-2024:2101-1
-
SUSE-SU-2024:2120-1
-
SUSE-SU-2024:2121-1
-
SUSE-SU-2024:2130-1
-
SUSE-SU-2024:2139-1
-
SUSE-SU-2024:2148-1
-
SUSE-SU-2024:2162-1
-
SUSE-SU-2024:2163-1
-
SUSE-SU-2024:2184-1
-
SUSE-SU-2024:2189-1
-
SUSE-SU-2024:2191-1
-
SUSE-SU-2024:2207-1
-
SUSE-SU-2024:2208-1
-
SUSE-SU-2024:2209-1
-
SUSE-SU-2024:2335-1
-
SUSE-SU-2024:2337-1
-
SUSE-SU-2024:2343-1
-
SUSE-SU-2024:2344-1
-
SUSE-SU-2024:2357-1
-
SUSE-SU-2024:2360-1
-
SUSE-SU-2024:2373-1
-
SUSE-SU-2024:2381-1
-
SUSE-SU-2024:2382-1
-
SUSE-SU-2024:2446-1
-
SUSE-SU-2024:2447-1
-
SUSE-SU-2024:2448-1
-
SUSE-SU-2024:2472-1
-
SUSE-SU-2024:2473-1
-
SUSE-SU-2024:2558-1
-
SUSE-SU-2024:2561-1
-
SUSE-SU-2024:2722-1
-
SUSE-SU-2024:2725-1
-
SUSE-SU-2024:2740-1
-
SUSE-SU-2024:2751-1
-
SUSE-SU-2024:2755-1
-
SUSE-SU-2024:2758-1
-
SUSE-SU-2024:2773-1
-
SUSE-SU-2024:2821-1
-
SUSE-SU-2024:2824-1
-
SUSE-SU-2024:2825-1
-
SUSE-SU-2024:2840-1
-
SUSE-SU-2024:2843-1
-
SUSE-SU-2024:2850-1
-
SUSE-SU-2024:2851-1
-
SUSE-SU-2024:2894-1
-
SUSE-SU-2024:2939-1
-
SUSE-SU-2024:2947-1
-
SUSE-SU-2024:3034-1
-
SUSE-SU-2024:3037-1
-
SUSE-SU-2024:3043-1
-
SUSE-SU-2024:3044-1
-
SUSE-SU-2024:3048-1
-
USN-5650-1
-
USN-5693-1
-
USN-5727-1
-
USN-5727-2
-
USN-5728-1
-
USN-5728-2
-
USN-5728-3
-
USN-5729-1
-
USN-5729-2
-
USN-5754-1
-
USN-5754-2
-
USN-5755-1
-
USN-5755-2
-
USN-5756-1
-
USN-5756-2
-
USN-5756-3
-
USN-5757-1
-
USN-5757-2
-
USN-5758-1
-
USN-5773-1
-
USN-5774-1
-
USN-5779-1
-
USN-5789-1
-
USN-5791-1
-
USN-5791-2
-
USN-5791-3
-
USN-5792-1
-
USN-5792-2
-
USN-5793-1
-
USN-5793-2
-
USN-5793-3
-
USN-5793-4
-
USN-5815-1
-
USN-5851-1
-
USN-5853-1
-
USN-5854-1
-
USN-5860-1
-
USN-5861-1
-
USN-5862-1
-
USN-5865-1
-
USN-5874-1
-
USN-5875-1
-
USN-5876-1
-
USN-5877-1
-
USN-5883-1
-
USN-5909-1
-
USN-5913-1
-
USN-5918-1
-
USN-5919-1
-
USN-5924-1
-
USN-5975-1
-
USN-5976-1
-
USN-6001-1
-
USN-6007-1
-
USN-6013-1
-
USN-6014-1
-
USN-6031-1
-
USN-6976-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2022-2978 |
|
|
| CVE | CVE-2022-3542 |
|
|
| CVE | CVE-2022-3565 |
|
|
| CVE | CVE-2022-3594 |
|
|
| CVE | CVE-2022-3621 |
|
|
| CVE | CVE-2022-3646 |
|
|
| CVE | CVE-2022-3649 |
|
|
| CVE | CVE-2022-39842 |
|
|
| CVE | CVE-2022-40768 |
|
|
| CVE | CVE-2022-41849 |
|
|
| CVE | CVE-2022-41850 |
|
|
| CVE | CVE-2022-43750 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/amazonlinux/python-perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
 python-perf
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/python-perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
python-perf
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
python-perf-debuginfo
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/python-perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
python-perf-debuginfo
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/perf?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
perf
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/perf?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
perf
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
perf-debuginfo
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/perf-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
perf-debuginfo
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-tools
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-tools
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-tools-devel
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-tools-devel
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-tools-debuginfo
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-tools-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-tools-debuginfo
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-livepatch-4.14.296-222.539?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-livepatch-4.14.296-222.539
|
< 1.0-0.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-headers
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=i686&distro=amazonlinux-2 | amazonlinux |
kernel-headers
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | i686 | |
| Affected | pkg:rpm/amazonlinux/kernel-headers?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-headers
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-devel
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-devel?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-devel
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-debuginfo
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-debuginfo
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-x86_64?arch=x86_64&distro=amazonlinux-2 | amazonlinux |
kernel-debuginfo-common-x86_64
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/kernel-debuginfo-common-aarch64?arch=aarch64&distro=amazonlinux-2 | amazonlinux |
kernel-debuginfo-common-aarch64
|
< 4.14.296-222.539.amzn2 | amazonlinux-2 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |