Linux Distros Unpatched Vulnerability : CVE-2022-21499

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger...

kernel security and bug fix update

3.10.0-1160.108.1.0.1.OL7 - debug: lock down kgdb Orabug: 34270798 CVE-2022-21499 3.10.0-1160.108.1.OL7 - Update Oracle Linux certificates Ilya Okomin - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey Orabug:...

kernel security update

3.10.0-1160.105.1.0.1.OL7 - debug: lock down kgdb Orabug: 34270798 CVE-2022-21499 3.10.0-1160.105.1.OL7 - Update Oracle Linux certificates Ilya Okomin - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey Orabug:...

kernel security and bug fix update

3.10.0-1160.102.1.0.1.OL7 - debug: lock down kgdb Orabug: 34270798 CVE-2022-21499 3.10.0-1160.102.1.OL7 - Update Oracle Linux certificates Ilya Okomin - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey Orabug:...

kernel security and bug fix update

3.10.0-1160.90.1.0.1.OL7 - debug: lock down kgdb Orabug: 34270798 CVE-2022-21499 3.10.0-1160.90.1.OL7 - Update Oracle Linux certificates Ilya Okomin - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey Orabug: 2481767...

Oracle Linux 9 : kernel (ELSA-2022-8267)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8267 advisory. - posix-cpu-timers: Cleanup CPU timers before freeing them during exec Wander Lairson Costa 2116968 CVE-2022-2585 - fix race between exititimers and...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9927)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9927 advisory. - afkey: Do not call xfrmprobealgs in parallel Herbert Xu Orabug: 34566752 CVE-2022-3028 Tenable has extracted the preceding description block...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9926)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9926 advisory. - afkey: Do not call xfrmprobealgs in parallel Herbert Xu Orabug: 34566752 CVE-2022-3028 Tenable has extracted the preceding description block...

Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9871)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-9871 advisory. - afkey: Do not call xfrmprobealgs in parallel Herbert Xu Orabug: 34566753 CVE-2022-3028 - lockdown: also lock down previous kgdb use Daniel Thompson...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9870)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9870 advisory. - afkey: Do not call xfrmprobealgs in parallel Herbert Xu Orabug: 34566753 CVE-2022-3028 - lockdown: also lock down previous kgdb use Daniel Thompson...

Slackware Linux 15.0 kernel-generic Multiple Vulnerabilities (SSA:2022-237-02)

The version of kernel-generic installed on the remote host is prior to 5.15.63 / 5.15.63smp. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-237-02 advisory. New kernel packages are available for Slackware 15.0 to fix security issues. Tenable has extracted the...

SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP4) (SUSE-SU-2022:2482-1)

The remote SUSE Linux SLES12 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2482-1 advisory. - A race condition was found the Linux kernel in perfeventopen which can be exploited by an unprivileged user to gain root...

SUSE SLES12 Security Update : kernel (Live Patch 22 for SLE 12 SP4) (SUSE-SU-2022:2446-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2446-1 advisory. - A race condition was found the Linux kernel in perfeventopen which can be exploited by an unprivileged user to gain root privileges. The bug...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-032)

The version of kernel installed on the remote host is prior to 5.4.201-111.359. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-032 advisory. Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-017)

The version of kernel installed on the remote host is prior to 5.10.126-117.518. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-017 advisory. Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2022-028 (ALASKERNEL-5.4-2022-028)

The version of kernel installed on the remote host is prior to 5.4.201-111.359. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-028 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/plane: Move range check for...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-030)

The version of kernel installed on the remote host is prior to 5.4.201-111.359. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-030 advisory. Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port...

SUSE SLES12 Security Update : kernel (Live Patch 23 for SLE 12 SP4) (SUSE-SU-2022:2444-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2444-1 advisory. - A race condition was found the Linux kernel in perfeventopen which can be exploited by an unprivileged user to gain root privileges. The bug...

kernel security, bug fix, and enhancement update

4.18.0-372.16.1.0.16.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32...

GSD-2022-1003168 lockdown: also lock down previous kgdb use

lockdown: also lock down previous kgdb use This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.10 by commit...