Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS2-2022-1889
HistoryDec 01, 2022 - 8:31 p.m.

Important: libbpf

2022-12-0120:31:00
alas.aws.amazon.com
11

8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

5.2 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

8.2%

JSON

Issue Overview:

A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032. (CVE-2022-3534)

Affected Packages:

libbpf

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update libbpf to update your system.

New Packages:

aarch64:  
    libbpf-0.5.0-2.amzn2.0.3.aarch64  
    libbpf-devel-0.5.0-2.amzn2.0.3.aarch64  
    libbpf-static-0.5.0-2.amzn2.0.3.aarch64  
    libbpf-debuginfo-0.5.0-2.amzn2.0.3.aarch64  
  
i686:  
    libbpf-0.5.0-2.amzn2.0.3.i686  
    libbpf-devel-0.5.0-2.amzn2.0.3.i686  
    libbpf-static-0.5.0-2.amzn2.0.3.i686  
    libbpf-debuginfo-0.5.0-2.amzn2.0.3.i686  
  
src:  
    libbpf-0.5.0-2.amzn2.0.3.src  
  
x86_64:  
    libbpf-0.5.0-2.amzn2.0.3.x86_64  
    libbpf-devel-0.5.0-2.amzn2.0.3.x86_64  
    libbpf-static-0.5.0-2.amzn2.0.3.x86_64  
    libbpf-debuginfo-0.5.0-2.amzn2.0.3.x86_64

Additional References

Red Hat: CVE-2022-3534

Mitre: CVE-2022-3534

OSVersionArchitecturePackageVersionFilename
Amazon Linux2aarch64libbpf< 0.5.0-2.amzn2.0.3libbpf-0.5.0-2.amzn2.0.3.aarch64.rpm
Amazon Linux2aarch64libbpf-devel< 0.5.0-2.amzn2.0.3libbpf-devel-0.5.0-2.amzn2.0.3.aarch64.rpm
Amazon Linux2aarch64libbpf-static< 0.5.0-2.amzn2.0.3libbpf-static-0.5.0-2.amzn2.0.3.aarch64.rpm
Amazon Linux2aarch64libbpf-debuginfo< 0.5.0-2.amzn2.0.3libbpf-debuginfo-0.5.0-2.amzn2.0.3.aarch64.rpm
Amazon Linux2i686libbpf< 0.5.0-2.amzn2.0.3libbpf-0.5.0-2.amzn2.0.3.i686.rpm
Amazon Linux2i686libbpf-devel< 0.5.0-2.amzn2.0.3libbpf-devel-0.5.0-2.amzn2.0.3.i686.rpm
Amazon Linux2i686libbpf-static< 0.5.0-2.amzn2.0.3libbpf-static-0.5.0-2.amzn2.0.3.i686.rpm
Amazon Linux2i686libbpf-debuginfo< 0.5.0-2.amzn2.0.3libbpf-debuginfo-0.5.0-2.amzn2.0.3.i686.rpm
Amazon Linux2x86_64libbpf< 0.5.0-2.amzn2.0.3libbpf-0.5.0-2.amzn2.0.3.x86_64.rpm
Amazon Linux2x86_64libbpf-devel< 0.5.0-2.amzn2.0.3libbpf-devel-0.5.0-2.amzn2.0.3.x86_64.rpm
Rows per page:
1-10 of 121

Related

cve 1
prion 1
nessus 13
ubuntucve 1
redhatcve 1
debiancve 1
altlinux 1
ubuntu 3
photon 2
osv 3
cloudfoundry 1
mageia 2
slackware 1
ics 1
avleonov 1
cve
cve
CVE-2022-3534
2022-10-17 09:15:00
prion
prion
Design/Logic Flaw
2022-10-17 09:15:00
nessus
nessus
Amazon Linux 2 : libbpf (ALAS-2022-1889)
2022-12-07 00:00:00
Ubuntu 20.04 ESM : LibBPF vulnerabilities (USN-5759-2)
2023-10-20 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libbpf (SUSE-SU-2023:0405-1)
2023-02-15 00:00:00
ubuntucve
ubuntucve
CVE-2022-3534
2022-10-17 00:00:00
redhatcve
redhatcve
CVE-2022-3534
2023-01-30 20:05:30
debiancve
debiancve
CVE-2022-3534
2022-10-17 09:15:00
altlinux
altlinux
Security fix for the ALT Linux 10 package libbpf version 0.8.1-alt2
2023-02-21 00:00:00
ubuntu
ubuntu
dwarves vulnerabilities
2023-07-11 00:00:00
LibBPF vulnerabilities
2022-12-05 00:00:00
LibBPF vulnerabilities
2022-12-08 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0377
2023-04-16 00:00:00
Critical Photon OS Security Update - PHSA-2022-4.0-0183
2022-05-14 00:00:00
osv
osv
dwarves-dfsg vulnerabilities
2023-07-11 06:36:47
libbpf vulnerabilities
2022-12-05 08:43:17
libbpf vulnerabilities
2022-12-08 09:40:00
cloudfoundry
cloudfoundry
USN-5759-1: LibBPF vulnerabilities | Cloud Foundry
2023-01-26 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2023-01-22 23:39:23
Updated kernel-linus packages fix security vulnerabilities
2023-01-22 23:39:23
slackware
slackware
[slackware-security] Slackware 15.0 kernel
2023-02-18 02:15:39
ics
ics
Siemens SIMATIC S7-1500 TM MFP Linux Kernel
2023-06-15 12:00:00
avleonov
avleonov
Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs
2022-12-30 18:03:13

8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

5.2 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

8.2%

JSON
Related for ALAS2-2022-1889
cve1prion1nessus13ubuntucve1redhatcve1debiancve1altlinux1ubuntu3photon2osv3cloudfoundry1mageia2slackware1ics1avleonov1