ALAS2-2022-1833 --- kernel
ID: oval:org.secpod.oval:def:1700994 | Date: (C)2022-08-23 (M)2024-04-17 |
Class: PATCH | Family: unix |
An out-of-bounds write flaw was found in the Linux kernel's framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system. The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol. This allows Xen PV guest OS users to cause a denial of service or gain privileges. An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.
Product: kernel | perf | python-perf |