ALAS2KERNEL-5.15-2022-007 --- kernelID: oval:org.secpod.oval:def:1701006 | Date: (C)2022-09-16 (M)2024-05-22 |
Class: PATCH | Family: unix |
An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. A bug in the IMA subsystem was discovered which would incorrectly allow kexec to be used when kernel lockdown was enabled An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. A memory corruption flaw was found in the Linux kernel's Netfilter subsystem in the way a local user uses the libnetfilter_queue when analyzing a corrupted network packet. This flaw allows a local user to crash the system or a remote user to crash the system when the libnetfilter_queue is used by a local user
Product: |
kernel |
perf |
python-perf |
bpftool |