40 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-2585
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free...
Alibaba Cloud Linux 3 : 0002: cloud-kernel bugfix, enhancement and (ALINUX3-SA-2023:0002)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0002 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-4037: A vulnerability was found i...
Siemens SIMATIC S7-1500 TM MFP BIOS Use After Free (CVE-2022-2585)
A use-after-free flaw was found in the Linux kernel's POSIX CPU timers functionality in the way a user creates and then deletes the timer in the non-leader thread of the program. This flaw allows a local user to crash or potentially escalate their privileges on the system. This plugin only works...
CVE-2022-2585 affecting package kernel for versions less than 5.15.153.1-1
CVE-2022-2585 affecting package kernel for versions less than 5.15.153.1-1. A patched version of the package is available...
CVE-2022-2585
CVE-2022-2585 is a Linux kernel use-after-free vulnerability in POSIX CPU timers when exec() occurs from a non-leader thread. The issue stems from armed timers left on a list but freed, enabling local privilege escalation. Public advisories (e.g., AlmaLinux/ALAS and Debian bulletins) confirm the ...
CVE-2022-2585
It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free...
Rocky Linux 9 : kernel-rt (RLSA-2022:7319)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7319 advisory. - The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACESEIZE code path allows attackers to bypass intended restrictions on setting t...
AlmaLinux 9 : kernel (ALSA-2022:7318)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7318 advisory. - The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACESEIZE code path allows attackers to bypass intended restrictions on setting the...
RHEL 9 : kpatch-patch (RHSA-2022:7330)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7330 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fixe...
RHEL 9 : kernel-rt (RHSA-2022:7319)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7319 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...
RHEL 9 : kernel (RHSA-2022:7318)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7318 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: posix cpu timer use-after-free may lea...
RLSA-2022:7319 Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: posix cpu timer use-after-free may lead to local privilege escalation CVE-2022-2585 Unprivileged users may use PTRACESEIZE to set...
RLSA-2022:7318 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: posix cpu timer use-after-free may lead to local privilege escalation CVE-2022-2585 Unprivileged users may use PTRACESEIZE to set PTRACEOSUSPENDSECCOMP option CVE-2022-30594 For more details abou...
ALSA-2022:7319 Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: posix cpu timer use-after-free may lead to local privilege escalation CVE-2022-2585 Unprivileged users may use PTRACESEIZE to set...
ALSA-2022:7318 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: posix cpu timer use-after-free may lead to local privilege escalation CVE-2022-2585 Unprivileged users may use PTRACESEIZE to set PTRACEOSUSPENDSECCOMP option CVE-2022-30594 For more details abou...
Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: posix cpu timer use-after-free may lead to local privilege escalation CVE-2022-2585 Unprivileged users may use PTRACESEIZE to set...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the putdevice down a bit to avoid the use after free. wsa: added comment to the code, added Fixes...
Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9830)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9830 advisory. - posix-cpu-timers: Cleanup CPU timers before freeing them during exec Thadeu Lima de Souza Cascardo Orabug: 34495548 CVE-2022-2585 - netfilter:...
Unbreakable Enterprise kernel-container security update
5.15.0-2.52.3.el8 - posix-cpu-timers: Cleanup CPU timers before freeing them during exec Thadeu Lima de Souza Cascardo Orabug: 34495548 CVE-2022-2585 - fix race between exititimers and /proc/pid/timers Oleg Nesterov Orabug: 34495548 - rds: ib: Add preemption control when using per-cpu variables...
Unbreakable Enterprise kernel security update
5.15.0-2.52.3 - posix-cpu-timers: Cleanup CPU timers before freeing them during exec Thadeu Lima de Souza Cascardo Orabug: 34495548 CVE-2022-2585 - fix race between exititimers and /proc/pid/timers Oleg Nesterov Orabug: 34495548 - rds: ib: Add preemption control when using per-cpu variables Hakon...