ALAS2KERNEL-5.4-2022-034 --- kernel | ID: oval:org.secpod.oval:def:1700998 | Date: (C)2022-08-24 (M)2024-05-22 |
Class: PATCH | Family: unix |
An out-of-bounds write flaw was found in the Linux kernel's framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system.

A bug in the IMA subsystem was discovered which would incorrectly allow kexec to be used when kernel lockdown was enabled.

A heap buffer overflow flaw was found in the Linux kernel's Netfilter subsystem in the way a user provides incorrect input of the NFT_DATA_VERDICT type. This flaw allows a local user to crash or potentially escalate their privileges on the system.

An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.

A memory corruption flaw was found in the Linux kernel's Netfilter subsystem in the way a local user uses the libnetfilter_queue when analyzing a corrupted network packet. This flaw allows a local user to crash the system or a remote user to crash the system when the libnetfilter_queue is used by a local user.
Product: |
kernel |
perf |
python-perf |
bpftool |