From: Masami Ichikawa <masami.ichikawa@miraclelinux.com>
To: cip-dev <cip-dev@lists.cip-project.org>
Subject: New CVE entries this week
Date: Thu, 16 Jun 2022 08:44:02 +0900
Message-ID: <CAODzB9qmZ1m6L8MZYUOooRYfXh5Z_uj=o=ieR+Rn9jfSmdxQQA@mail.gmail.com>

Hi !

It's this week's CVE report.

This week reported 3 new CVEs and 3 updated CVEs.

FYI: A new side-channel attack which is called "Hertzbleed Attack" has
been published.
This vulnerability has been assigned CVE-2022-23823 and CVE-2022-24436.
Researchers confirmed Intel's 8th to the 11th generation Core
microarchitecture and AMD Ryzen processors are affected but they
haven't confirmed whether other processors (e.g. ARM) are affected or not.
Intel and AMD provided guidance to mitigate the Hertzbleed Attack.
However, researchers said that Intel and AMD haven't planned to
provide microcode patches.

https://www.hertzbleed.com/

* New CVEs

CVE-2022-32981: powerpc/32: Fix overread/overwrite of thread_struct via ptrace

CVSS v3 score is not assigned.

This vulnerability only affects powerpc 32bit architecture.
There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka
PEEKUSR and POKEUSR) when accessing floating point registers.

Fixed status
mainline: [8e1278444446fc97778a5e5c99bca1ce0bbc5ec9]
stable/4.14: [d13c94c4b6f816e79b8e4df193db1bdcc7253610]
stable/4.19: [a0e38a2808ea708beb4196a8873cecc23efb8e64]
stable/4.9: [89dda10b73b7ce184caf18754907126ce7ce3fad]
stable/5.10: [3be74fc0afbeadc2aff8dc69f3bf9716fbe66486]
stable/5.15: [2a0165d278973e30f2282c15c52d91788749d2d4]
stable/5.18: [7764a258356c454fe56b9f56fc07c0e146a3bccb]
stable/5.4: [0c4bc0a2f8257f79a70fe02b9a698eb14695a64b]

CVE-2022-32250: use-after-free bug in net/netfilter/nf_tables_api.c
causes a local user to escalate privileges.

CVSS v3 score is 7.8 HIGH

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1
allows a local user (able to create user/net namespaces) to escalate
privileges to root because an incorrect NFT_STATEFUL_EXPR check leads
to a use-after-free.

The bug fix commit 5207780 ("netfilter: nf_tables: disallow
non-stateful expression in sets earlier") and bug introduced commit
0b2d8a7 ("netfilter: nf_tables: add helper functions for expression
handling") are the same as CVE-2022-1966.
So, it looks like this CVE is a duplicate of CVE-2022-1966.

Fixed status
mainline: [520778042ccca019f3ffa136dd0ca565c486cedd]
stable/4.14: [5b732a9e8e22395d911b3e6c343cbed0e1cec275]
stable/4.19: [ed44398b45add3d9be56b7457cc9e05282e518b4]
stable/4.9: [94e9b75919619ba8c4072abc4917011a7a888a79]
stable/5.10: [ea62d169b6e731e0b54abda1d692406f6bc6a696]
stable/5.15: [f692bcffd1f2ce5488d24fbcb8eab5f351abf79d]
stable/5.17: [d8db0465bcc4d4b54ecfb67b820ed26eb1440da7]
stable/5.18: [8f44c83e51b4ca49c815f8dd0d9c38f497cdbcb0]
stable/5.4: [f36736fbd48491a8d85cd22f4740d542c5a1546e]

CVE-2022-1976: io_uring: reinstate the inflight tracking

CVSS v3 score is not assigned.

There is a use-after-free bug in fs/io_uring.c that caused a system crash.
This issue was introduced by commit d536123 ("io_uring: drop the old
style inflight file tracking") in 5.18-rc2.
5.18 and the mainline are affected by this vulnerability. Kernel 5.17
contains the commit d536123 but this version is EOL.

Fixed status
mainline: [9cae36a094e7e9d6e5fe8b6dcd4642138b3eb0c7]

* Updated CVEs

CVE-2021-4034: kernel vs pkexec API confusion leads to easy local root

Added 4.14, 5.4, 5.15 and 5.17 kernel fixed commits.

Fixed status
mainline: [dcd46d897adb70d63e025f175a00a89797d31a43]
stable/4.14: [98e0c7c702894987732776736c99b85ade6fba45]
stable/4.19: [b50fb8dbc8b81aaa126387de428f4c42a7c72a73]
stable/4.9: [41f6ea5b9aaa28b740d47ffe995a5013211fdbb0]
stable/5.10: [27a6f495b63a1804cc71be45911065db7757a98c]
stable/5.15: [1290eb4412aa0f0e9f3434b406dc8e255da85f9e]
stable/5.17: [cfbfff8ce5e3d674947581f1eb9af0a1b1807950]
stable/5.4: [1fe82bfd9e4ce93399d815ca458b58505191c3e8]

CVE-2022-1973: fs/ntfs3: Fix invalid free in log_replay

Stable kernels 5.15, 5.17, and 5.18 were fixed. All kernels are fixed.

Fixed status
mainline: [f26967b9f7a830e228bb13fb41bd516ddd9d789d]
stable/5.15: [61decb58486d7c0cbded25fe4d301ab4fa148cd8]
stable/5.17: [2088cc00491e8d25a99d0f247df843e9c3df2040]
stable/5.18: [2aafbe9fb210a355d6e0e92a91f294dee80e5d44]

CVE-2022-1966: netfilter: nf_tables: disallow non-stateful expression
in sets earlier

stable 4.14, 4.19, 4.9, and 5.4 were fixed.

Fixed status
mainline: [520778042ccca019f3ffa136dd0ca565c486cedd]
stable/4.14: [5b732a9e8e22395d911b3e6c343cbed0e1cec275]
stable/4.19: [ed44398b45add3d9be56b7457cc9e05282e518b4]
stable/4.9: [94e9b75919619ba8c4072abc4917011a7a888a79]
stable/5.10: [ea62d169b6e731e0b54abda1d692406f6bc6a696]
stable/5.15: [f692bcffd1f2ce5488d24fbcb8eab5f351abf79d]
stable/5.17: [d8db0465bcc4d4b54ecfb67b820ed26eb1440da7]
stable/5.18: [8f44c83e51b4ca49c815f8dd0d9c38f497cdbcb0]
stable/5.4: [f36736fbd48491a8d85cd22f4740d542c5a1546e]

Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2

There is no fix information.

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM

No fix information.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning

No fix information.

Regards,
-- 
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email :masami.ichikawa@cybertrust.co.jp
          :masami.ichikawa@miraclelinux.com

