SB2023013058 - Red Hat Enterprise Linux 9.0 Extended Update Support update for kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023013058

SB2023013058 - Red Hat Enterprise Linux 9.0 Extended Update Support update for kernel

Published: January 30, 2023

Security Bulletin ID SB2023013058
Severity
Low
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Physical access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Security features bypass (CVE-ID: CVE-2022-1665)

The vulnerability allows an attacker to compromise the affected system.

The vulnerability exists due to missing secure boot lockdown patches applied to kernel. An attacker with physical access to device can bypass the secure boot validation and load non-trusted code on the system.


2) Out-of-bounds write (CVE-ID: CVE-2022-2964)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.


3) Buffer overflow (CVE-ID: CVE-2022-4139)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the i915 kernel driver on Linux kernel. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.



Remediation

Install update from vendor's website.

References