QID 354135
Date Published: 2022-12-08
QID 354135: Amazon Linux Security Advisory for kernel : ALAS2-2022-1888
In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation.
This could lead to local escalation of privilege with system execution privileges needed.
User interaction is not needed for exploitation.
Product: androidversions: android kernelandroid id: a-223375145references: upstream kernel (cve-2022-20369) a flaw was found in hw.
In certain processors with intel's enhanced indirect branch restricted speculation (eibrs) capabilities, soon after vm exit or ibpb command event, the linear address following the most recent near call instruction prior to a vm exit may be used as the return stack buffer (rsb) prediction. (
( CVE-2022-26373) a vulnerability classified as critical was found in linux kernel.
Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component bluetooth.
The manipulation leads to use after free.
It is recommended to apply a patch to fix this issue.
The associated identifier of this vulnerability is vdb-211087. (
( CVE-2022-3564)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
- ALAS2-2022-1888 -
alas.aws.amazon.com/AL2/ALAS-2022-1888.html
CVEs related to QID 354135
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2-2022-1888 | Amazon Linux 2 |
alas.aws.amazon.com/AL2/ALAS-2022-1888.html |