AlmaLinux ALSA-2022:6610
Sep 20, 2022 - 12:00 a.m.

Important: kernel security, bug fix, and enhancement update

2022-09-20 00:00:00
errata.almalinux.org
linux kernel
security fix
heap overflow
buffer overflow
rdma
mlx5
x86 platform
block layer
nvme/tcp
ice driver
lscpu
amx flags
power 9
ppc64le
iavf

CVSS2: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

CVSS3: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

EPSS: 0.006 (Percentile: 79.2%)

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: heap overflow in nft_set_elem_init() (CVE-2022-34918)
  • kernel: vulnerability of buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • RDMA/mlx5: Fix number of allocated XLT entries (BZ#2092270)
  • mlx5, Setup hanged when run test-route-nexthop-object.sh (BZ#2092535)
  • many call traces from unchecked MSR access error: WRMSR to 0x199 in amazon i4.32xlarge instance (BZ#2099417)
  • X86/platform/UV: Kernel Support Fixes for UV5 platform (BZ#2107732)
  • block layer: fixes for md sync slow and softlockup at blk_mq_sched_dispatch_requests [9.0.0.z] (BZ#2111395)
  • Fixes for NVMe/TCP dereferences an invalid, non-canonical pointer, kernel panic (BZ#2117755)
  • Adding missing nvme fix to AlmaLinux-9.1 (BZ#2117756)
  • nvme/tcp mistakenly uses blk_mq_tag_to_rq(nvme_tcp_tagset(queue) (BZ#2118698)
  • Important ice bug fixes (BZ#2119290)
  • Power 9/ppc64le Incorrect Socket(s) & “Core(s) per socket” reported by lscpu command. (BZ#2121719)

Enhancement(s):

  • lscpu does not show all of the support AMX flags (amx_int8, amx_bf16) (BZ#2108203)
  • ice: Driver Update (BZ#2108204)
  • iavf: Driver Update (BZ#2119477)
  • i40e: Driver Update (BZ#2119479)
