Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2022-9496

Опубликовано: 21 июн. 2022
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2022-9496: kernel security update (IMPORTANT)

[4.18.0-372.9.1.0.2.el8.OL8]

  • debug: lockdown kgdb [Orabug: 34270802] {CVE-2022-21499}

[4.18.0-372.9.1.0.1.el8.OL8]

  • mei: me: disable driver on the ign firmware (Alexander Usyskin) [Orabug: 34176425]

Обновленные пакеты

Oracle Linux 8

Oracle Linux x86_64

bpftool

4.18.0-372.9.1.0.2.el8

kernel

4.18.0-372.9.1.0.2.el8

kernel-abi-stablelists

4.18.0-372.9.1.0.2.el8

kernel-core

4.18.0-372.9.1.0.2.el8

kernel-cross-headers

4.18.0-372.9.1.0.2.el8

kernel-debug

4.18.0-372.9.1.0.2.el8

kernel-debug-core

4.18.0-372.9.1.0.2.el8

kernel-debug-devel

4.18.0-372.9.1.0.2.el8

kernel-debug-modules

4.18.0-372.9.1.0.2.el8

kernel-debug-modules-extra

4.18.0-372.9.1.0.2.el8

kernel-devel

4.18.0-372.9.1.0.2.el8

kernel-doc

4.18.0-372.9.1.0.2.el8

kernel-headers

4.18.0-372.9.1.0.2.el8

kernel-modules

4.18.0-372.9.1.0.2.el8

kernel-modules-extra

4.18.0-372.9.1.0.2.el8

kernel-tools

4.18.0-372.9.1.0.2.el8

kernel-tools-libs

4.18.0-372.9.1.0.2.el8

kernel-tools-libs-devel

4.18.0-372.9.1.0.2.el8

perf

4.18.0-372.9.1.0.2.el8

python3-perf

4.18.0-372.9.1.0.2.el8

Связанные CVE

CVE-2022-21499

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2022-21499

CVSS3: 6.7
ubuntu
около 3 лет назад

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

redhat логотип

CVE-2022-21499

CVSS3: 6.7
redhat
около 3 лет назад

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

nvd логотип

CVE-2022-21499

CVSS3: 6.7
nvd
около 3 лет назад

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

debian логотип

CVE-2022-21499

CVSS3: 6.7
debian
около 3 лет назад

KGDB and KDB allow read and write access to kernel memory, and thus sh ...

github логотип

GHSA-rcmc-qxj3-63p4

CVSS3: 6.5
github
около 3 лет назад

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).