Lucene search

K
cloudlinuxCloudLinuxCLSA-2022:1650576075
HistoryApr 21, 2022 - 9:21 p.m.

Fix of 13 CVEs

2022-04-2121:21:15
repo.cloudlinux.com
31

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

40.2%

  • CKSIX-267: USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
  • CKSIX-267: CVE-2019-14615: drm/i915/gen9: Clear residual context state on context switch
  • CKSIX-267: CVE-2020-8647, CVE-2020-8649: vgacon: Fix a UAF in vgacon_invert_region
  • CKSIX-267: CVE-2020-14331: vgacon: Fix for missing check in scrollback handling
  • CKSIX-268: CVE-2021-3347: futex: Handle faults correctly for PI futexes
  • CKSIX-268: CVE-2021-3347: futex: Provide and use pi_state_update_owner()
  • CKSIX-263: KEYS: allow reaching the keys quotas exactly
  • CKSIX-263: KEYS: reaching the keys quotas correctly
  • CKSIX-263: fix -ENOMEM result with invalid user space pointer in sendto() syscall
  • CKSIX-263: CVE-2017-18344: posix-timer: Properly check sigevent->sigev_notify
  • CKSIX-263: CVE-2018-6927: futex: Prevent overflow by strengthen input validation
  • CKSIX-258: CVE-2017-6951: KEYS: Change the name of the dead type to ā€œ.deadā€ to prevent user access
  • CKSIX-258: CVE-2017-15299: KEYS: donā€™t let add_key() update an uninstantiated key
  • CKSIX-258: fix CVE-2016-9604
  • CKSIX-258: KEYS: add missing permission check for request_key() destination
  • CKSIX-258: CVE-2017-10661: timerfd: Protect the might cancel mechanism proper
  • CKSIX-258: fix CVE-2017-7472
  • CKSIX-258: fix CVE-2017-15274

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

40.2%