Lucene search

K
osvGoogleOSV:RLSA-2022:5819
HistoryAug 02, 2022 - 7:00 a.m.

Important: kernel security and bug fix update

2022-08-0207:00:14
Google
osv.dev
10
kernel
linux
security
bug fix
tcp
privilege escalation
netfilter
softirq
multiqueues
backport
scsi
rocky linux
kernel bug
conntrack
mlx5
tcp_crr
calico ocp
software steering

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

AI Score

8

Confidence

High

EPSS

0.001

Percentile

50.8%

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak (CVE-2022-1012)

  • kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root (CVE-2022-32250)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Softirq hrtimers are being placed on the per-CPU softirq clocks on isolcpuโ€™s. (BZ#2090484)

  • enable/disable multiqueues repeatedly while ping local host, guest kernel panic (BZ#2093416)

  • Backport kernel audit enhancements and fixes from v5.13-rc1 to v5.16-rc6 (BZ#2095434)

  • blk_update_request: I/O error, dev nvme0n3, during xfs creation (BZ#2100150)

  • SCSI updates for Rocky Linux 8.7 (BZ#2100254)

  • Kernel bug on mm/slub.c:314 (BZ#2102251)

  • Implement new tc action for check_pkt_len (BZ#2102333)

  • too long timeout value with TIME_WAIT status of conntrack entry (BZ#2104002)

  • Connectx6-DX, mlx5 , backport 087032ee7021 (โ€œnet/mlx5e: TC, Fix ct_clear overwriting ct action metadataโ€) (BZ#2104012)

  • mlx5: Software steering memory allocation failure, netperf TCP_CRR with ct(). (BZ#2104013)

  • tcp: request_sock leak in Calico OCP (BZ#2104670)

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

AI Score

8

Confidence

High

EPSS

0.001

Percentile

50.8%