Oracle Linux 9 : kernel (ELSA-2022-5249)


The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5249 advisory.

- A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. (CVE-2022-27666)

- kernel: race condition in perf_event_open leads to privilege escalation (CVE-2022-1729)

- ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2022-1966)

- kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak (CVE-2022-1012)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.