Lucene search

K
amazonAmazonALAS-2022-1604
HistoryJun 30, 2022 - 11:38 p.m.

Important: kernel

2022-06-3023:38:00
alas.aws.amazon.com
35
kernel
information leak
memory leak
use-after-free
privilege escalation
scsi_ioctl
nfs over rdma
tcp source port generation
ext4 filesystem
netfilter subsystem
tcp client identification
denial of service
confidentiality breaches

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

EPSS

0.001

Percentile

50.8%

Issue Overview:

A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)

An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c function in RPCRDMA_HDRLEN_MIN (7) (in rpcrdma_max_call_header_size, rpcrdma_max_reply_header_size). This flaw allows an attacker with normal user privileges to leak kernel information. (CVE-2022-0812)

Due to the small table perturb size, a memory leak flaw was found in the Linux kernel’s TCP source port generation algorithm in the net/ipv4/tcp.c function. This flaw allows an attacker to leak information and may cause a denial of service. (CVE-2022-1012)

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. (CVE-2022-1184)

A use-after-free vulnerability was found in the Linux kernel’s Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue. (CVE-2022-1966)

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250)

The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. (CVE-2022-32296)

An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. (CVE-2022-32981)

Affected Packages:

kernel

Issue Correction:
Run yum update kernel to update your system.

New Packages:

i686:  
    kernel-devel-4.14.285-147.501.amzn1.i686  
    kernel-debuginfo-common-i686-4.14.285-147.501.amzn1.i686  
    perf-debuginfo-4.14.285-147.501.amzn1.i686  
    kernel-4.14.285-147.501.amzn1.i686  
    kernel-headers-4.14.285-147.501.amzn1.i686  
    kernel-debuginfo-4.14.285-147.501.amzn1.i686  
    kernel-tools-devel-4.14.285-147.501.amzn1.i686  
    kernel-tools-4.14.285-147.501.amzn1.i686  
    perf-4.14.285-147.501.amzn1.i686  
    kernel-tools-debuginfo-4.14.285-147.501.amzn1.i686  
  
src:  
    kernel-4.14.285-147.501.amzn1.src  
  
x86_64:  
    kernel-tools-4.14.285-147.501.amzn1.x86_64  
    kernel-debuginfo-common-x86_64-4.14.285-147.501.amzn1.x86_64  
    kernel-tools-debuginfo-4.14.285-147.501.amzn1.x86_64  
    kernel-headers-4.14.285-147.501.amzn1.x86_64  
    perf-4.14.285-147.501.amzn1.x86_64  
    kernel-debuginfo-4.14.285-147.501.amzn1.x86_64  
    kernel-tools-devel-4.14.285-147.501.amzn1.x86_64  
    kernel-devel-4.14.285-147.501.amzn1.x86_64  
    perf-debuginfo-4.14.285-147.501.amzn1.x86_64  
    kernel-4.14.285-147.501.amzn1.x86_64  

Additional References

Red Hat: CVE-2022-0494, CVE-2022-0812, CVE-2022-1012, CVE-2022-1184, CVE-2022-1966, CVE-2022-32250, CVE-2022-32296, CVE-2022-32981

Mitre: CVE-2022-0494, CVE-2022-0812, CVE-2022-1012, CVE-2022-1184, CVE-2022-1966, CVE-2022-32250, CVE-2022-32296, CVE-2022-32981

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

EPSS

0.001

Percentile

50.8%