It exists that the BPF verifier in the Linux kernel did not properly restrict pointer types in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-23222) ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel |
||
fedoraproject fedora 35 |
||
redhat enterprise linux 8.0 |
||
redhat enterprise linux eus 8.2 |
||
redhat enterprise linux server tus 8.2 |
||
redhat enterprise linux server aus 8.2 |
||
redhat enterprise linux for real time 8 |
||
redhat enterprise linux server tus 8.4 |
||
redhat enterprise linux eus 8.4 |
||
redhat enterprise linux for real time for nfv tus 8.4 |
||
redhat enterprise linux for real time for nfv tus 8.2 |
||
redhat enterprise linux for real time tus 8.4 |
||
redhat enterprise linux for real time tus 8.2 |
||
redhat enterprise linux server aus 8.4 |
||
redhat enterprise linux for real time for nfv 8 |
||
redhat enterprise linux server update services for sap solutions 8.2 |
||
redhat enterprise linux server update services for sap solutions 8.4 |
||
redhat enterprise linux server update services for sap solutions 8.1 |
||
redhat enterprise linux for power little endian eus 8.2 |
||
redhat enterprise linux for ibm z systems eus 8.2 |
||
redhat enterprise linux for power little endian 8.0 |
||
redhat enterprise linux for ibm z systems eus 8.4 |
||
redhat enterprise linux for ibm z systems 8.0 |
||
redhat enterprise linux for power little endian eus 8.4 |
||
redhat enterprise linux server for power little endian update services for sap solutions 8.1 |
||
redhat enterprise linux server for power little endian update services for sap solutions 8.2 |
||
redhat enterprise linux server for power little endian update services for sap solutions 8.4 |
||
redhat codeready_linux_builder - |
||
redhat virtualization_host 4.0 |
||
ovirt ovirt-engine 4.4.10.2 |
||
netapp h300s_firmware - |
||
netapp h500s_firmware - |
||
netapp h700s_firmware - |
||
netapp h300e_firmware - |
||
netapp h500e_firmware - |
||
netapp h700e_firmware - |
||
netapp h410s_firmware - |
||
netapp h410c_firmware - |
||
siemens scalance_lpe9403_firmware |
||
sonicwall sma1000_firmware |
IT threat evolution in Q1 2022 IT threat evolution in Q1 2022. Non-mobile statistics IT threat evolution in Q1 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q1 2022: Kaspersky solutions blocked 1,216,350,437 attacks from online resources across the globe. Web Anti-Virus recognized 313,164,030 unique URLs as ma...
Last week, security researcher Max Kellermann discovered a high severity vulnerability in the Linux kernel, which was assigned the designation CVE-2022-0847. It affects the Linux kernels from 5.8 through any version before 5.16.11, 5.15.25 and 5.10.102, and can be used for local privilege escalation. The vulnerability resides in the pipe tool, which is used for unidirectional communication between processes, so the researcher called it “Dirty P...
Get our weekly newsletter And Adobe, SAP, Intel, AMD, Cisco, Google join in
Patch Tuesday Microsoft has addressed 71 security flaws, including three critical remote code execution vulnerabilities, in its monthly Patch Tuesday update. The IT giant is confident none of the bugs have been actively exploited. One of those critical RCEs is in Microsoft Exchange Server, and labeled CVE-2022-23277. It can be exploited by an authenticated user to "trigger malicious code in the context of the server's account through a network call," said Redmond. Yes, an attacker nee...
Get our weekly newsletter Plus: Adafruit customer data leak fallout, infosec burnout, and more
In brief A Linux local privilege escalation flaw dubbed Dirty Pipe has been discovered and disclosed along with proof-of-concept exploit code. The flaw, CVE-2022-0847, was introduced in kernel version 5.8 and fixed in versions 5.16.11, 5.15.25 and 5.10.102. It can be exploited by a normal logged-in user or a rogue running program to gain root-level privileges; it can also be used by malicious apps to take over vulnerable Android devices. Max Kellermann said he found the programming blunder and r...