ALAS2LIVEPATCH-2022-076 --- kernel-livepatch-5.10.82-83.359ID: oval:org.secpod.oval:def:1700856 | Date: (C)2022-03-11 (M)2024-04-17 |
Class: PATCH | Family: unix |
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged local user able to open a filesystem that does not support the Filesystem Context API could use this flaw to escalate their privileges on the system
Product: |
kernel-livepatch-5.10.82-83.359 |