logo
DATABASE RESOURCES PRICING ABOUT US

Amazon Linux AMI : kernel (ALAS-2022-1604)

Description

The version of kernel installed on the remote host is prior to 4.14.285-147.501. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1604 advisory. - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494) - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2022-1966) - net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. (CVE-2022-32250) - The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. (CVE-2022-32296) - An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. (CVE-2022-32981) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.


Related