QID 354049
Date Published: 2022-08-24
QID 354049: Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-034
An out-of-bounds write flaw was found in the linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl fbioput_vscreeninfo with malicious data.
This flaw allows a local user to crash or potentially escalate their privileges on the system. (
( CVE-2021-33655) a bug in the ima subsystem was discovered which would incorrectly allow kexec to be used when kernel lockdown was enabled (cve-2022-21505) a heap buffer overflow flaw was found in the linux kernel's netfilter subsystem in the way a user provides incorrect input of the nft_data_verdict type.
( CVE-2022-34918) an issue was discovered in the linux kernel through 5.18.14.
Xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (
( CVE-2022-36879) a memory corruption flaw was found in the linux kernel's netfilter subsystem in the way a local user uses the libnetfilter_queue when analyzing a corrupted network packet.
This flaw allows a local user to crash the system or a remote user to crash the system when the libnetfilter_queue is used by a local user. (
( CVE-2022-36946)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
- ALAS2KERNEL-5.4-2022-034 -
alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-034.html
CVEs related to QID 354049
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2KERNEL-5.4-2022-034 | Amazon Linux 2 |
alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-034.html |