SB20220720108 - Multiple vulnerabilities in Oracle Linux
Published: July 20, 2022 Updated: July 26, 2024
Description
This security bulletin contains information about 98 security vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-29526)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists because the Faccessat function can incorrectly report that a file is accessible when called with a non-zero flags parameter. An attacker can bypass implemented security restrictions.
2) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2022-2226)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to improper validation of digital signatures. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an attacker performed a replay attack, in which an old email with old contents is resent at a later time, it could lead the victim to believe that the statements in the email are current.
3) Information disclosure (CVE-ID: CVE-2022-21123)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.
4) Integer overflow (CVE-ID: CVE-2022-34481)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the nsTArray_Impl::ReplaceElementsAt() function. A remote attacker can trick the victim into visiting a specially crafted website, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Error Handling (CVE-ID: CVE-2022-34472)
The vulnerability allows a remote attacker to influence browser behavior.
The vulnerability exists due to improper error handling when processing an unavailable PAC file. If a PAC URL is set and the server that hosts the PAC is unreachable, OCSP requests are blocked, resulting in incorrect error pages being shown.
6) Security features bypass (CVE-ID: CVE-2022-31744)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error when processing CSS stylesheets accessible via internal URIs, such as "resource:". A remote attacker can bypass the implemented Content Security Policy.
7) Information disclosure (CVE-ID: CVE-2022-31742)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error when handling a large number of allowCredential entries. A remote attacker can trick the victim to visit a specially crafted website, launch a timing attack and detect the difference between invalid key handles and cross-origin key handles. Successful exploitation of the vulnerability can lead to cross-origin account linking in violation of WebAuthn goals.
8) Security features bypass (CVE-ID: CVE-2022-29912)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists because requests initiated through reader mode did not properly omit cookies with a SameSite attribute. A remote attacker can intercept cookies with the SameSite attribute set.
9) Code Injection (CVE-ID: CVE-2022-2200)
The vulnerability allows a remote attacker to execute arbitrary JavaScript code.
The vulnerability exists due to improper input validation when handling JavaScript attributes. A remote attacker can pass undesired attributes to a JavaScript object, perform prototype pollution and execute arbitrary JavaScript code in the browser.
10) Type conversion (CVE-ID: CVE-2022-28739)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a type conversion error in some conversion methods like Kernel#Float and String#to_f. A remote attacker can pass specially crafted data to the affected application, trigger memory corruption and execute arbitrary code in the system.
11) Use-after-free (CVE-ID: CVE-2022-28736)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a use-after-free error in the grub_cmd_chainloader() function in the chainloader command. A local privileged user can trigger a use-after-free error and bypass the secure boot protection mechanism.
12) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2022-1420)
The vulnerability allows a remote attacker to cause a denial of service on the target application.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a use of out-of-range pointer offset and crash the application.
13) CRLF injection (CVE-ID: CVE-2020-26137)
The vulnerability allows a remote attacker to inject arbitrary data in server response.
The vulnerability exists due to insufficient validation of attacker-supplied data passed via the "method" parameter. A remote authenticated attacker can pass specially crafted data to the application containing CR-LF characters and modify application behavior.
14) CRLF injection (CVE-ID: CVE-2020-26116)
The vulnerability allows a remote attacker to inject arbitrary data in server response.
The vulnerability exists due to insufficient validation of attacker-supplied data in "http.client". A remote attacker can pass specially crafted data to the application containing CR-LF characters and modify application behavior.
15) Improper access control (CVE-ID: CVE-2022-21499)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to improper access restrictions to the kernel debugger when booted in secure boot environments. A local privileged user can bypass UEFI Secure Boot restrictions.
16) Out-of-bounds write (CVE-ID: CVE-2022-28737)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a boundary error in the handle_image() function when shim tries to load and execute crafted EFI executables. A local privileged user can trigger an out-of-bounds write error and bypass secure boot protection mechanism.
17) Out-of-bounds read (CVE-ID: CVE-2022-1629)
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a boundary condition in find_next_quote() function. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error, perform a denial of service attack, modify memory, and execute arbitrary code.
18) Insufficient verification of data authenticity (CVE-ID: CVE-2022-28735)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists because the shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. A local privileged user can load unverified modules into GRUB and bypass the secure boot protection mechanism.
19) Race condition (CVE-ID: CVE-2022-1729)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within sys_perf_event_open() in Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
20) Out-of-bounds write (CVE-ID: CVE-2022-28734)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing split HTTP headers. A remote attacker can send specially crafted traffic to the affected system, trigger an out-of-bounds write and execute arbitrary code on the target system.
21) Out-of-bounds read (CVE-ID: CVE-2022-1587)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the get_recurse_data_length() function in pcre2_jit_compile.c when handling recursions in JIT-compiled regular expressions. A remote attacker can pass specially crafted input to the affected application, trigger an out-of-bounds read error and read contents of memory on the system.
22) Out-of-bounds read (CVE-ID: CVE-2022-1586)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary condition in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. A remote attacker can pass specially crafted data to the application, trigger out-of-bounds read error, gain access to sensitive information or perform a denial of service attack.
23) Resource management error (CVE-ID: CVE-2022-29913)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper management of internal resources when handling the Speech Synthesis feature. The parent process does not properly check whether the Speech Synthesis feature is enabled when receiving instructions from a child process.
24) Incorrect Implementation of Authentication Algorithm (CVE-ID: CVE-2022-27782)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way libcurl handles previously used connections in a connection pool for subsequent transfers. Several TLS and SSH settings were left out from the configuration match checks, resulting in erroneous matches for different resources. As a result, libcurl can send authentication string from one resource to another, exposing credentials to a third-party.
25) Buffer Over-read (CVE-ID: CVE-2020-28915)
The vulnerability allows a local user with physical access to perform a denial of service attack.
The vulnerability exists due to an out-of-bounds (OOB) memory access flaw in fbcon_get_font() function in drivers/video/fbdev/core/fbcon.c in fbcon driver module in the Linux kernel. A local user with special user privilege and with physical access can gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information.
26) Information disclosure (CVE-ID: CVE-2022-30184)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in .NET and Visual Studio. A remote attacker can gain unauthorized access to sensitive information on the system.
27) Improper Resource Shutdown or Release (CVE-ID: CVE-2022-26354)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists in the vhost-vsock device of QEMU. A local user can trigger the error and gain access to sensitive information.
28) Improper input validation (CVE-ID: CVE-2022-21443)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
29) Spoofing attack (CVE-ID: CVE-2022-1520)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data when processing signed and encrypted attached messages. If an email contains 2 attached messages, Thunderbird displays the security status of the first opened attached message for the second attached message. As a result, an attacker can spoof the security status of the second attached message.
30) Integer overflow (CVE-ID: CVE-2022-28327)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to integer overflow in Golang's crypto/elliptic library. A remote attacker can send a specially crafted scalar input longer than 32 bytes to cause P256().ScalarMult or P256().ScalarBaseMult to panic and perform a denial of service attack.
31) Buffer overflow (CVE-ID: CVE-2022-24675)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in Golang's encoding/pem library. A remote attacker can send the victim a large (more than 5 MB) PEM input to cause a stack overflow in Decode and perform a denial of service (DoS) attack.
32) Information disclosure (CVE-ID: CVE-2022-27776)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because curl can leak authentication or cookie header data during HTTP redirects to the same host but another port number. When asked to send custom headers or cookies in its HTTP requests, curl sends that set of headers only to the host whose name is used in the initial URL, so that redirects to other hosts will not make curl send the data to those. However, due to a flawed check, curl wrongly also sends that same set of headers to hosts that are identical to the first one but use a different port number or URL scheme.
The vulnerability exists due to an incomplete fix for #VU10224 (CVE-2018-1000007).
33) Improper Authentication (CVE-ID: CVE-2022-22576)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error when re-using OAUTH2 connections for SASL-enabled protocols, such as SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). libcurl may reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. As a result, a connection that is successfully created and authenticated with a user name + OAUTH2 bearer can subsequently be erroneously reused even for user + [other OAUTH2 bearer], even though that might not even be a valid bearer.
A remote attacker can exploit this vulnerability against applications intended for use in multi-user environments to bypass authentication and gain unauthorized access to victims' accounts.
34) Out-of-bounds write (CVE-ID: CVE-2021-3696)
The vulnerability allows a local privileged user to bypass implemented security restrictions.
The vulnerability exists due to a boundary error when handling Huffman tables in the PNG reader. A local privileged user can pass specially crafted PNG image to the application, trigger an out-of-bounds write error and potentially bypass secure boot protection mechanism.
35) Information disclosure (CVE-ID: CVE-2022-27774)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because curl attempts to follow redirects during the authentication process and does not consider different port numbers or protocols to be separate authentication targets. If the web application performs redirection to a different port number or protocol, curl will allow such redirection and will pass credentials. It could also leak the TLS SRP credentials this way.
By default, curl only allows redirects to HTTP(S) and FTP(S), but can be asked to allow redirects to all protocols curl supports.
36) Improper input validation (CVE-ID: CVE-2022-21496)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the JNDI component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
37) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2021-40528)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to use of a broken or risky cryptographic algorithm in the ElGamal implementation. A remote attacker can gain unauthorized access to sensitive information on the system.
38) Improper input validation (CVE-ID: CVE-2022-21434)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
39) Improper input validation (CVE-ID: CVE-2022-21426)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the JAXP component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
40) Use-after-free (CVE-ID: CVE-2022-1652)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to use-after-free error in the bad_flp_intr() function. A local user can execute a specially-crafted program to cause a denial of service condition on the system or escalate privileges on the system.
41) Information disclosure (CVE-ID: CVE-2022-21166)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.
42) Information disclosure (CVE-ID: CVE-2022-21125)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.
43) Incomplete cleanup (CVE-ID: CVE-2022-21127)
The vulnerability allows a local user to gain access to sensitive information on the system.
The vulnerability exists due to incomplete cleanup in specific special register read operations. A local user can enable information disclosure.
44) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2022-29901)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to non-transparent sharing of branch predictor targets between contexts. A local user can exploit the vulnerability to gain access to sensitive information.
45) Type Confusion (CVE-ID: CVE-2022-23816)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a branch type confusion. A local user can force the branch predictor to predict the wrong branch type and gain access to sensitive information.
46) Insufficient Session Expiration (CVE-ID: CVE-2022-0996)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an insufficient session expiration issue that allows expired passwords to be used to access the database, resulting in improper authentication. A remote non-authenticated attacker can obtain or guess a session token and gain unauthorized access to a session that belongs to another user.
47) Buffer overflow (CVE-ID: CVE-2021-3177)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within PyCArg_repr in _ctypes/callproc.c. A remote attacker can pass specially crafted input to Python applications that accept floating-point numbers as untrusted input, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
48) Out-of-bounds read (CVE-ID: CVE-2022-26280)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing ZIP files in zipx_lzma_alone_init. A remote attacker can create a specially crafted .zip archive, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
49) Input validation error (CVE-ID: CVE-2022-1271)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation when processing filenames with two or more newlines. A remote attacker can force zgrep or xzgrep to write arbitrary files on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
50) Input validation error (CVE-ID: CVE-2022-1529)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input within the NotificationsDB module. A remote attacker can trick the victim into visiting a specially crafted web page, which passes malicious messages to the parent process, where the contents are used to double-index into a JavaScript object. As a result, an attacker can perform prototype pollution and execute arbitrary JavaScript code in the privileged parent process.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
51) Use of out-of-range pointer offset (CVE-ID: CVE-2022-0554)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary error when reading files. A remote attacker can trick the victim to open a specially crafted file and crash the application.
52) Integer overflow (CVE-ID: CVE-2022-25314)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in copyString. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.
53) Stack-based buffer overflow (CVE-ID: CVE-2022-25313)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in build_model. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
54) Infinite loop (CVE-ID: CVE-2022-0778)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the BN_mod_sqrt() function when processing an ASN.1 certificate that contains elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. A remote attacker can supply a specially crafted certificate to the TLS server or client, consume all available system resources and cause denial of service conditions.
55) Buffer overflow (CVE-ID: CVE-2022-0918)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when handling network packets. A remote attacker can create a single TCP packet to the LDAP port, trigger a segmentation fault and crash the slapd daemon.
56) Input validation error (CVE-ID: CVE-2022-29145)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in .NET and Visual Studio. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
57) Input validation error (CVE-ID: CVE-2022-29117)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in .NET and Visual Studio. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
58) Input validation error (CVE-ID: CVE-2022-23267)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in .NET and Visual Studio. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
59) Use-after-free (CVE-ID: CVE-2022-1154)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the utf_ptr2char() function in regexp_bt.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
60) Heap-based buffer overflow (CVE-ID: CVE-2022-0943)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
61) Format string error (CVE-ID: CVE-2022-1215)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a format string error during logging operation. A local user with ability to control the device name, e.g. /dev/uinput or Bluetooth devices can trigger a format string error and execute arbitrary code on the system with elevated privileges.
62) Security features bypass (CVE-ID: CVE-2022-29911)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper protection for the top-level navigation for an iframe sandbox with a policy relaxed through a keyword like allow-top-navigation-by-user-activation. A remote attacker can abuse this to bypass implemented sandboxing restrictions of loaded iframes.
63) Heap-based buffer overflow (CVE-ID: CVE-2022-27666)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c in Linux kernel. A local unprivileged user can pass specially crafted data to the system, trigger a heap-based buffer overflow and execute arbitrary code with elevated privileges.
64) Use-after-free (CVE-ID: CVE-2022-1966)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. A local user can trigger use-after-free error to escalate privileges on the system.
65) Path traversal (CVE-ID: CVE-2019-20916)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences passed via URL to the install command within the _download_http_url() function in _internal/download.py. A remote attacker can send a specially crafted HTTP request with the Content-Disposition header that contains directory traversal characters in the filename and overwrite the /root/.ssh/authorized_keys file.
66) Heap-based buffer overflow (CVE-ID: CVE-2022-24903)
The vulnerability allows a remote attacker to perform a denial of service or potentially execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing data in imtcp, imptcp, imgssapi, and imhttp modules used for TCP syslog reception. A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and cause a denial of service or potentially execute arbitrary code on the target system.
Successful exploitation of this vulnerability is possible if the attacker is able to directly send specially crafted messages to the rsyslog daemon or by injecting specially crafted data into log files. Vulnerability exploitation in the second scenario requires that the rsyslog client supports octet-counted framing, which is not a default configuration.
67) Integer underflow (CVE-ID: CVE-2022-28733)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer underflow when processing IP packets within the grub_net_recv_ip4_packets() function. A remote attacker can send specially crafted network traffic to the affected system, trigger an integer underflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
68) Improper Authorization (CVE-ID: CVE-2022-26691)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an error in the implementation of the "Local" authorization mechanism. A remote attacker can authenticate to CUPS as root/admin without the 32-byte secret key and execute arbitrary code on the system.
69) Buffer overflow (CVE-ID: CVE-2018-25032)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when compressing data. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.
70) Memory leak (CVE-ID: CVE-2022-1012)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient randomization in net/ipv4/tcp.c when calculating port offsets in the Linux kernel, caused by a small table perturb size. A remote attacker can cause a memory leak and gain access to sensitive information.
71) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-1552)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to incorrectly imposed security restrictions in Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck. A remote authenticated user with permission to create non-temp objects can execute arbitrary SQL functions under a superuser identity and escalate privileges within the application.
72) Code Injection (CVE-ID: CVE-2022-1802)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to prototype pollution in Top-Level Await implementation. A remote attacker can trick the victim to visit a specially crafted website, corrupt the methods of an Array object in JavaScript via prototype pollution and execute arbitrary JavaScript code in a privileged context.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
73) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-29909)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper management of permissions within the application. Documents in deeply-nested cross-origin browsing contexts can obtain permissions granted to the top-level origin. A remote attacker can create a web page that bypasses the existing browser prompt and wrongfully inherits the top-level permissions.
74) Insufficient UI warning of dangerous operations (CVE-ID: CVE-2022-29914)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to an error when reusing existing popups. A remote attacker can trick the victim into visiting a specially crafted website and abuse the popups to cover the fullscreen notification UI, which can allow a browser spoofing attack.
75) Heap-based buffer overflow (CVE-ID: CVE-2022-1621)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
76) Out-of-bounds write (CVE-ID: CVE-2021-3695)
The vulnerability allows a local privileged user to bypass implemented security restrictions.
The vulnerability exists due to a boundary error when processing PNG grayscale images. A local privileged user can pass a specially crafted PNG image to the application, trigger an out-of-bounds write error and potentially bypass the Secure Boot protection mechanism.
77) Integer overflow (CVE-ID: CVE-2022-29824)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*). A remote attacker can pass a specially crafted multi-gigabyte XML file to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
78) Spoofing attack (CVE-ID: CVE-2022-1834)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect processing of multiple Braille Pattern Blank space characters, which results in displaying every space character. A remote attacker can spoof the email address of the sender.
79) Use-after-free (CVE-ID: CVE-2022-24070)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within mod_dav_svn. A remote attacker can send specially crafted HTTP requests to the affected application and perform a denial of service (DoS) attack.
80) Reachable Assertion (CVE-ID: CVE-2021-46784)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when processing Gopher server responses. A remote attacker can send a specially crafted response to the proxy server and perform a denial of service (DoS) attack.
81) Use-after-free (CVE-ID: CVE-2022-26353)
The vulnerability allows a local user to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in the virtio-net device of QEMU. A privileged user can exploit this issue to crash QEMU or potentially execute arbitrary code with elevated privileges.
82) Buffer overflow (CVE-ID: CVE-2022-31626)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing the password in mysqlnd/pdo in mysqlnd_wireprotocol.c. A remote attacker with the ability to control the password that is passed via PDO to the MySQL server can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
83) Improper input validation (CVE-ID: CVE-2022-21449)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
84) Improper input validation (CVE-ID: CVE-2022-21476)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
85) NULL pointer dereference (CVE-ID: CVE-2020-13950)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in mod_proxy_http. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
86) Integer underflow (CVE-ID: CVE-2021-3697)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an integer underflow within the JPEG reader. A local privileged user can trigger an integer underflow and bypass the Secure Boot protection mechanism.
87) Buffer overflow (CVE-ID: CVE-2022-34484)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
88) Information disclosure (CVE-ID: CVE-2022-29916)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the browser behaves differently when loading CSS from known resources involving CSS variables. A remote attacker can monitor browser behavior to guess which websites were previously visited and are stored in browser history.
89) Improper Restriction of Rendered UI Layers or Frames (CVE-ID: CVE-2022-34479)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to improper handling of the resizing event for a popup window. A remote attacker can create a specially crafted website that can create a resized popup to overlay the address bar with its own content and perform a spoofing attack.
Note, the vulnerability affects Linux installations only.
90) Use-after-free (CVE-ID: CVE-2022-34470)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in nsSHistory when handling XML documents. A remote attacker can trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
91) Security features bypass (CVE-ID: CVE-2022-34468)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper handling of the CSP sandbox header without the "allow-scripts" option. A remote attacker can use an iframe to bypass the implemented CSP restriction and execute scripts if the user clicks on a javascript: link.
92) Buffer overflow (CVE-ID: CVE-2022-31747)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
93) Use of Uninitialized Variable (CVE-ID: CVE-2022-31741)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
94) Buffer overflow (CVE-ID: CVE-2022-31740)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error related to a register allocation problem in WASM on arm64. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
95) Spoofing attack (CVE-ID: CVE-2022-31738)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to an error when exiting fullscreen mode. A remote attacker can use an iframe to confuse the browser about the current state of fullscreen and perform a spoofing attack.
96) Out-of-bounds write (CVE-ID: CVE-2022-31737)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error in WebGL when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
97) Information disclosure (CVE-ID: CVE-2022-31736)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error when processing HTTP requests. A malicious website can obtain the size of a cross-origin resource that supported Range requests.
98) Buffer overflow (CVE-ID: CVE-2022-29917)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation
Install the update from the vendor's website.