ALAS2KERNEL-5.4-2022-009 --- kernelID: oval:org.secpod.oval:def:1700810 | Date: (C)2022-02-01 (M)2024-04-17 |
Class: PATCH | Family: unix |
A flaw was found in the Linux kernel. A memory leak in the ccp-ops crypto driver can allow attackers to cause a denial of service. This vulnerability is similar with the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. An out-of-bounds memory write flaw was found in prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the bpf in the Linux kernel. In this flaw, the multiplication to calculate the size could lead to an integer overflow which could allow a local attacker, with a special user privilege, to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information
Product: |
kernel |
perf |
python-perf |
bpftool |