[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250108

 
 

909

 
 

196064

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS2LIVEPATCH-2023-103 --- kernel-livepatch-5.10.147-133.644

ID: oval:org.secpod.oval:def:1701158Date: (C)2023-02-09   (M)2024-04-25
Class: PATCHFamily: unix




A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability. A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363. A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920. A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211921 was assigned to this vulnerability. A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992. A missing check on user input in the _do_proc_dointvec function can result in a stack-based buffer overflow in the Linux kernel, which can cause a crash or potentially escalate privileges

Platform:
Amazon Linux 2
Product:
kernel-livepatch-5.10.147-133.644
Reference:
ALAS2LIVEPATCH-2023-103
CVE-2022-3524
CVE-2022-3594
CVE-2022-3621
CVE-2022-3623
CVE-2022-3649
CVE-2022-4378
CVE    6
CVE-2022-3623
CVE-2022-3621
CVE-2022-3594
CVE-2022-3649
...
CPE    1
cpe:/o:amazon:linux:2

© SecPod Technologies