Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2-2022-1888

Related Vulnerabilities: CVE-2022-20369   CVE-2022-26373   CVE-2022-3564  

In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel (CVE-2022-20369) A flaw was found in hw. In certain processors with Intel's Enhanced Indirect Branch Restricted Speculation (eIBRS) capabilities, soon after VM exit or IBPB command event, the linear address following the most recent near CALL instruction prior to a VM exit may be used as the Return Stack Buffer (RSB) prediction. (CVE-2022-26373) A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564)

Source

ALAS2-2022-1888

Amazon Linux 2 Security Advisory: ALAS-2022-1888
Advisory Release Date: 2022-12-01 20:31 Pacific
Advisory Updated Date: 2022-12-06 22:41 Pacific
Severity: Important
Issue Overview:

In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel (CVE-2022-20369)

A flaw was found in hw. In certain processors with Intel's Enhanced Indirect Branch Restricted Speculation (eIBRS) capabilities, soon after VM exit or IBPB command event, the linear address following the most recent near CALL instruction prior to a VM exit may be used as the Return Stack Buffer (RSB) prediction. (CVE-2022-26373)

A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. (CVE-2022-3564)


Affected Packages:

kernel


Issue Correction:
Run yum update kernel to update your system.

New Packages:
aarch64:
    kernel-4.14.299-223.520.amzn2.aarch64
    kernel-headers-4.14.299-223.520.amzn2.aarch64
    kernel-debuginfo-common-aarch64-4.14.299-223.520.amzn2.aarch64
    perf-4.14.299-223.520.amzn2.aarch64
    perf-debuginfo-4.14.299-223.520.amzn2.aarch64
    python-perf-4.14.299-223.520.amzn2.aarch64
    python-perf-debuginfo-4.14.299-223.520.amzn2.aarch64
    kernel-tools-4.14.299-223.520.amzn2.aarch64
    kernel-tools-devel-4.14.299-223.520.amzn2.aarch64
    kernel-tools-debuginfo-4.14.299-223.520.amzn2.aarch64
    kernel-devel-4.14.299-223.520.amzn2.aarch64
    kernel-debuginfo-4.14.299-223.520.amzn2.aarch64

i686:
    kernel-headers-4.14.299-223.520.amzn2.i686

src:
    kernel-4.14.299-223.520.amzn2.src

x86_64:
    kernel-4.14.299-223.520.amzn2.x86_64
    kernel-headers-4.14.299-223.520.amzn2.x86_64
    kernel-debuginfo-common-x86_64-4.14.299-223.520.amzn2.x86_64
    perf-4.14.299-223.520.amzn2.x86_64
    perf-debuginfo-4.14.299-223.520.amzn2.x86_64
    python-perf-4.14.299-223.520.amzn2.x86_64
    python-perf-debuginfo-4.14.299-223.520.amzn2.x86_64
    kernel-tools-4.14.299-223.520.amzn2.x86_64
    kernel-tools-devel-4.14.299-223.520.amzn2.x86_64
    kernel-tools-debuginfo-4.14.299-223.520.amzn2.x86_64
    kernel-devel-4.14.299-223.520.amzn2.x86_64
    kernel-debuginfo-4.14.299-223.520.amzn2.x86_64
    kernel-livepatch-4.14.299-223.520-1.0-0.amzn2.x86_64

Additional References

Red Hat: CVE-2022-20369, CVE-2022-26373, CVE-2022-3564

Mitre: CVE-2022-20369, CVE-2022-26373, CVE-2022-3564

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started