Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS2-2022-1888
HistoryDec 01, 2022 - 8:31 p.m.

Important: kernel

2022-12-0120:31:00
alas.aws.amazon.com
23
android kernel
intel eibrs
rsb prediction
use after free
bluetooth
l2cap
out of bounds write
privilege escalation

0.0005 Low

EPSS

Percentile

18.0%

JSON

Issue Overview:

In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel (CVE-2022-20369)

A flaw was found in hw. In certain processors with Intel’s Enhanced Indirect Branch Restricted Speculation (eIBRS) capabilities, soon after VM exit or IBPB command event, the linear address following the most recent near CALL instruction prior to a VM exit may be used as the Return Stack Buffer (RSB) prediction. (CVE-2022-26373)

A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564)

Affected Packages:

kernel

Issue Correction:
Run yum update kernel to update your system.

New Packages:

aarch64:  
    kernel-4.14.299-223.520.amzn2.aarch64  
    kernel-headers-4.14.299-223.520.amzn2.aarch64  
    kernel-debuginfo-common-aarch64-4.14.299-223.520.amzn2.aarch64  
    perf-4.14.299-223.520.amzn2.aarch64  
    perf-debuginfo-4.14.299-223.520.amzn2.aarch64  
    python-perf-4.14.299-223.520.amzn2.aarch64  
    python-perf-debuginfo-4.14.299-223.520.amzn2.aarch64  
    kernel-tools-4.14.299-223.520.amzn2.aarch64  
    kernel-tools-devel-4.14.299-223.520.amzn2.aarch64  
    kernel-tools-debuginfo-4.14.299-223.520.amzn2.aarch64  
    kernel-devel-4.14.299-223.520.amzn2.aarch64  
    kernel-debuginfo-4.14.299-223.520.amzn2.aarch64  
  
i686:  
    kernel-headers-4.14.299-223.520.amzn2.i686  
  
src:  
    kernel-4.14.299-223.520.amzn2.src  
  
x86_64:  
    kernel-4.14.299-223.520.amzn2.x86_64  
    kernel-headers-4.14.299-223.520.amzn2.x86_64  
    kernel-debuginfo-common-x86_64-4.14.299-223.520.amzn2.x86_64  
    perf-4.14.299-223.520.amzn2.x86_64  
    perf-debuginfo-4.14.299-223.520.amzn2.x86_64  
    python-perf-4.14.299-223.520.amzn2.x86_64  
    python-perf-debuginfo-4.14.299-223.520.amzn2.x86_64  
    kernel-tools-4.14.299-223.520.amzn2.x86_64  
    kernel-tools-devel-4.14.299-223.520.amzn2.x86_64  
    kernel-tools-debuginfo-4.14.299-223.520.amzn2.x86_64  
    kernel-devel-4.14.299-223.520.amzn2.x86_64  
    kernel-debuginfo-4.14.299-223.520.amzn2.x86_64  
    kernel-livepatch-4.14.299-223.520-1.0-0.amzn2.x86_64

Additional References

Red Hat: CVE-2022-20369, CVE-2022-26373, CVE-2022-3564

Mitre: CVE-2022-20369, CVE-2022-26373, CVE-2022-3564

OSVersionArchitecturePackageVersionFilename
Amazon Linux2aarch64kernel< 4.14.299-223.520.amzn2kernel-4.14.299-223.520.amzn2.aarch64.rpm
Amazon Linux2aarch64kernel-headers< 4.14.299-223.520.amzn2kernel-headers-4.14.299-223.520.amzn2.aarch64.rpm
Amazon Linux2aarch64kernel-debuginfo-common-aarch64< 4.14.299-223.520.amzn2kernel-debuginfo-common-aarch64-4.14.299-223.520.amzn2.aarch64.rpm
Amazon Linux2aarch64perf< 4.14.299-223.520.amzn2perf-4.14.299-223.520.amzn2.aarch64.rpm
Amazon Linux2aarch64perf-debuginfo< 4.14.299-223.520.amzn2perf-debuginfo-4.14.299-223.520.amzn2.aarch64.rpm
Amazon Linux2aarch64python-perf< 4.14.299-223.520.amzn2python-perf-4.14.299-223.520.amzn2.aarch64.rpm
Amazon Linux2aarch64python-perf-debuginfo< 4.14.299-223.520.amzn2python-perf-debuginfo-4.14.299-223.520.amzn2.aarch64.rpm
Amazon Linux2aarch64kernel-tools< 4.14.299-223.520.amzn2kernel-tools-4.14.299-223.520.amzn2.aarch64.rpm
Amazon Linux2aarch64kernel-tools-devel< 4.14.299-223.520.amzn2kernel-tools-devel-4.14.299-223.520.amzn2.aarch64.rpm
Amazon Linux2aarch64kernel-tools-debuginfo< 4.14.299-223.520.amzn2kernel-tools-debuginfo-4.14.299-223.520.amzn2.aarch64.rpm
Rows per page:
1-10 of 271

Related

amazon 2
nessus 75
ubuntucve 3
cvelist 3
prion 3
redhatcve 3
nvd 3
debiancve 3
cve 3
intel 1
veracode 2
f5 2
openvas 28
redhat 25
githubexploit 2
centos 1
oraclelinux 2
ubuntu 10
osv 14
ibm 1
photon 2
vmware 3
suse 3
mageia 1
almalinux 2
rocky 2
amazon
amazon
Important: kernel
2022-12-01 20:31:00
Important: kernel
2022-12-01 17:33:00
nessus
nessus
Amazon Linux 2 : kernel (ALAS-2022-1888)
2022-12-07 00:00:00
CentOS 7 : kernel-rt (RHSA-2023:4150)
2024-01-09 00:00:00
RHEL 7 : kernel (RHSA-2023:3277)
2023-05-23 00:00:00
ubuntucve
ubuntucve
CVE-2022-20369
2022-08-11 00:00:00
CVE-2022-26373
2022-08-18 00:00:00
CVE-2022-3564
2022-10-17 00:00:00
cvelist
cvelist
CVE-2022-20369
2022-08-11 00:00:00
CVE-2022-26373
2022-08-18 00:00:00
CVE-2022-3564 Linux Kernel Bluetooth l2cap_core.c l2cap_reassemble_sdu use after free
2022-10-17 00:00:00
prion
prion
Input validation
2022-08-11 15:15:00
Information disclosure
2022-08-18 20:15:00
Design/Logic Flaw
2022-10-17 19:15:00
redhatcve
redhatcve
CVE-2022-20369
2022-10-25 10:20:14
CVE-2022-26373
2022-08-09 18:37:41
CVE-2022-3564
2022-12-05 20:01:14
nvd
nvd
CVE-2022-20369
2022-08-11 15:15:10
CVE-2022-26373
2022-08-18 20:15:11
CVE-2022-3564
2022-10-17 19:15:10
debiancve
debiancve
CVE-2022-20369
2022-08-11 15:15:10
CVE-2022-26373
2022-08-18 20:15:11
CVE-2022-3564
2022-10-17 19:15:10
cve
cve
CVE-2022-20369
2022-08-11 15:15:10
CVE-2022-26373
2022-08-18 20:15:11
CVE-2022-3564
2022-10-17 19:15:10
intel
intel
Intel® Processors Post Invalidation RSB Advisory
2022-08-09 00:00:00
veracode
veracode
Information Disclosure
2022-12-12 00:46:56
Denial Of Service (DoS)
2022-12-06 12:17:34
f5
f5
K52259753 : Intel Processor vulnerability CVE-2022-26373
2022-11-07 00:00:00
K000137186 : Linux kernel vulnerability CVE-2022-3564
2023-10-09 00:00:00
openvas
openvas
CentOS: Security Advisory for bpftool (CESA-2023:4151)
2023-08-04 00:00:00
Ubuntu: Security Advisory (USN-5865-1)
2023-02-13 00:00:00
Ubuntu: Security Advisory (USN-5706-1)
2022-10-28 00:00:00
redhat
redhat
(RHSA-2023:4215) Important: kpatch-patch security update
2023-07-19 16:37:06
(RHSA-2023:4021) Important: kernel security and bug fix update
2023-07-11 07:38:40
(RHSA-2023:4020) Important: kernel security and bug fix update
2023-07-11 07:38:15
githubexploit
githubexploit
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux Linux Kernel
2023-09-14 09:07:11
Exploit for Race Condition in Linux Linux Kernel
2023-09-15 10:04:05
centos
centos
bpftool, kernel, perf, python security update
2023-08-03 14:33:32
oraclelinux
oraclelinux
kernel security and bug fix update
2023-08-09 00:00:00
kernel security and bug fix update
2023-03-01 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2022-10-10 00:00:00
Linux kernel (Qualcomm Snapdragon) vulnerabilities
2023-02-09 00:00:00
Linux kernel vulnerabilities
2023-02-09 00:00:00
osv
osv
linux-snapdragon vulnerabilities
2023-02-09 23:00:01
linux, linux-aws, linux-bluefield, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle vulnerabilities
2022-10-10 21:53:06
linux-azure-4.15 vulnerabilities
2023-02-10 14:08:25
ibm
ibm
Security Bulletin: Multiple vulnerabilities identified in VMWare ESXi shipped with IBM Cloud Pak System
2023-03-31 14:38:04
photon
photon
Important Photon OS Security Update - PHSA-2022-0293
2022-12-06 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0293
2022-12-06 00:00:00
vmware
vmware
VMware ESXi addresses Return-Stack-Buffer-Underflow and Branch Type Confusion vulnerabilities
2022-07-12 00:00:00
VMware ESXi addresses Return-Stack-Buffer-Underflow and Branch Type Confusion vulnerabilities
2022-07-12 00:00:00
VMware ESXi addresses Return-Stack-Buffer-Underflow and Branch Type Confusion vulnerabilities
2022-07-12 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2022-08-12 00:00:00
Security update for the Linux Kernel (important)
2022-09-14 00:00:00
Security update for the Linux Kernel (important)
2022-09-27 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2022-08-26 00:21:07
almalinux
almalinux
Important: kernel-rt security and bug fix update
2023-02-28 00:00:00
Important: kernel security and bug fix update
2023-02-28 00:00:00
rocky
rocky
kernel-rt security and bug fix update
2023-03-02 01:17:39
kernel security and bug fix update
2023-04-06 15:54:58

0.0005 Low

EPSS

Percentile

18.0%

JSON
Related for ALAS2-2022-1888
amazon2nessus75ubuntucve3cvelist3prion3redhatcve3nvd3debiancve3cve3intel1veracode2f52openvas28redhat25githubexploit2centos1oraclelinux2ubuntu10osv14ibm1photon2vmware3suse3mageia1almalinux2rocky2