Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2022-9028

Опубликовано: 19 янв. 2022
Источник: oracle-oval
Платформа: Oracle Linux 7
Платформа: Oracle Linux 8

Описание

ELSA-2022-9028: Unbreakable Enterprise kernel security update (IMPORTANT)

[5.4.17-2136.302.7.2.1]

  • vfs: fs_context: fix up param length parsing in legacy_parse_param (Jamie Hill-Daniel) [Orabug: 33761451] {CVE-2022-0185}

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

kernel-uek

5.4.17-2136.302.7.2.1.el7uek

kernel-uek-debug

5.4.17-2136.302.7.2.1.el7uek

kernel-uek-debug-devel

5.4.17-2136.302.7.2.1.el7uek

kernel-uek-devel

5.4.17-2136.302.7.2.1.el7uek

kernel-uek-doc

5.4.17-2136.302.7.2.1.el7uek

kernel-uek-tools

5.4.17-2136.302.7.2.1.el7uek

kernel-uek-tools-libs

5.4.17-2136.302.7.2.1.el7uek

perf

5.4.17-2136.302.7.2.1.el7uek

python-perf

5.4.17-2136.302.7.2.1.el7uek

Oracle Linux x86_64

kernel-uek

5.4.17-2136.302.7.2.1.el7uek

kernel-uek-debug

5.4.17-2136.302.7.2.1.el7uek

kernel-uek-debug-devel

5.4.17-2136.302.7.2.1.el7uek

kernel-uek-devel

5.4.17-2136.302.7.2.1.el7uek

kernel-uek-doc

5.4.17-2136.302.7.2.1.el7uek

kernel-uek-tools

5.4.17-2136.302.7.2.1.el7uek

Oracle Linux 8

Oracle Linux aarch64

kernel-uek

5.4.17-2136.302.7.2.1.el8uek

kernel-uek-debug

5.4.17-2136.302.7.2.1.el8uek

kernel-uek-debug-devel

5.4.17-2136.302.7.2.1.el8uek

kernel-uek-devel

5.4.17-2136.302.7.2.1.el8uek

kernel-uek-doc

5.4.17-2136.302.7.2.1.el8uek

Oracle Linux x86_64

kernel-uek

5.4.17-2136.302.7.2.1.el8uek

kernel-uek-debug

5.4.17-2136.302.7.2.1.el8uek

kernel-uek-debug-devel

5.4.17-2136.302.7.2.1.el8uek

kernel-uek-devel

5.4.17-2136.302.7.2.1.el8uek

kernel-uek-doc

5.4.17-2136.302.7.2.1.el8uek

Связанные CVE

CVE-2022-0185

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2022-0185

CVSS3: 8.4
ubuntu
больше 3 лет назад

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.

redhat логотип

CVE-2022-0185

CVSS3: 7.8
redhat
больше 3 лет назад

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.

nvd логотип

CVE-2022-0185

CVSS3: 8.4
nvd
больше 3 лет назад

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.

msrc логотип

CVE-2022-0185

CVSS3: 8.4
msrc
больше 3 лет назад

Описание отсутствует

debian логотип

CVE-2022-0185

CVSS3: 8.4
debian
больше 3 лет назад

A heap-based buffer overflow flaw was found in the way the legacy_pars ...

Уязвимость ELSA-2022-9028