var-202206-1106
Vulnerability from variot
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 7) - noarch, x86_64
Ubuntu Security Notice USN-5505-1
July 07, 2022
linux-lts-xenial, linux-kvm vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-kvm: Linux kernel for cloud environments
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. (CVE-2021-3609)
Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3752)
It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760)
Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39685)
It was discovered that the Ion Memory Manager subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-39714)
Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. (CVE-2021-4197)
Lin Ma discovered that the NFC Controller Interface (NCI) implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4202)
Sushma Venkatesh Reddy discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-0330)
It was discovered that the PF_KEYv2 implementation in the Linux kernel did not properly initialize kernel memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1353)
It was discovered that the virtual graphics memory manager implementation in the Linux kernel was subject to a race condition, potentially leading to an information leak. (CVE-2022-1419)
Minh Yuan discovered that the floppy disk driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1652)
It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1679)
It was discovered that the Marvell NFC device driver implementation in the Linux kernel did not properly perform memory cleanup operations in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system) or execute arbitrary code. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21123)
It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21125)
It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21166)
It was discovered that the USB Gadget file system interface in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-24958)
赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could use this to cause a denial of service. (CVE-2022-28356)
It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28388)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM:
- linux-image-4.4.0-1110-kvm 4.4.0-1110.120
- linux-image-kvm 4.4.0.1110.107
Ubuntu 14.04 ESM:
- linux-image-4.4.0-229-generic 4.4.0-229.263~14.04.1
- linux-image-4.4.0-229-lowlatency 4.4.0-229.263~14.04.1
- linux-image-generic-lts-xenial 4.4.0.229.199
- linux-image-lowlatency-lts-xenial 4.4.0.229.199
- linux-image-virtual-lts-xenial 4.4.0.229.199
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References:
https://ubuntu.com/security/notices/USN-5505-1
CVE-2021-3609, CVE-2021-3752, CVE-2021-3760, CVE-2021-39685, CVE-2021-39714, CVE-2021-4197, CVE-2021-4202, CVE-2022-0330, CVE-2022-1353, CVE-2022-1419, CVE-2022-1652, CVE-2022-1679, CVE-2022-1734, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-24958, CVE-2022-28356, CVE-2022-28388
Bugs fixed (https://bugzilla.redhat.com/):
- 2041540 - RHACM 2.4 using deprecated APIs in managed clusters
- 2074766 - vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes
- 2079418 - cluster update status is stuck, also update is not even visible
- 2088486 - Policy that creates cluster role is showing as not compliant due to Request entity too large message
- 2089490 - Upgraded from RHACM 2.2-->2.3-->2.4 and cannot create cluster
- 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
- 2097464 - ACM Console Becomes Unusable After a Time
- 2100613 - RHACM 2.4.6 images
- 2102436 - Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster
- 2102495 - ManagedClusters in Pending import state after ACM hub migration
- 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
- 2109354 - CVE-2022-31150 nodejs16: CRLF injection in node-undici
- 2121396 - CVE-2022-31151 nodejs/undici: Cookie headers uncleared on cross-origin redirect
- 2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2
Description:
Red Hat Advanced Cluster Management for Kubernetes 2.3.12 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/
Security fix:
- CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
Bug fixes:
- Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856)
- RHACM 2.3.12 images (BZ# 2101411)
Bugs fixed (https://bugzilla.redhat.com/):
- 2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation
- 2101411 - RHACM 2.3.12 images
- 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
In addition this update provides mitigations for the "Retbleed" speculative execution attack and the "MMIO stale data" vulnerabilities.
For additional information please refer to the following pages:
https://xenbits.xen.org/xsa/advisory-404.html
https://xenbits.xen.org/xsa/advisory-407.html
For the stable distribution (bullseye), these problems have been fixed in version 4.14.5+24-g87d90d511c-1.
We recommend that you upgrade your xen packages.
For the detailed security status of xen please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xen
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
Red Hat Security Advisory
Synopsis: Moderate: kernel-rt security and bug fix update
Advisory ID: RHSA-2022:6437-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6437
Issue date: 2022-09-13
CVE Names: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166
Summary:
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Relevant releases/architectures:
- Red Hat Enterprise Linux Real Time (v. 8) - x86_64
- Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64
Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Bug Fix(es):
- The latest RHEL 8.6.z3 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2111112)
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Bugs fixed (https://bugzilla.redhat.com/):
- 2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR)
- 2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS)
- 2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)
Package List:
Red Hat Enterprise Linux Real Time for NFV (v. 8):
Source:
- kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.src.rpm
x86_64:
- kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-debug-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-debug-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-debug-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-debug-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-debug-kvm-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-debug-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-debug-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-debuginfo-common-x86_64-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-kvm-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
Red Hat Enterprise Linux Real Time (v. 8):
Source:
- kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.src.rpm
x86_64:
- kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-debug-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-debug-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-debug-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-debug-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-debug-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-debug-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-debuginfo-common-x86_64-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
- kernel-rt-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
(CVE-2021-0145)
Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug logic from being activated at runtime. (CVE-2022-21125)
Alysa Milburn, Jason Brandt, Avishai Redelman and Nir Lavi discovered that some Intel processors improperly optimised security-critical code
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202206-1106", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "esxi", "scope": "eq", "trust": 1.0, "vendor": "vmware", "version": "7.0" }, { "model": "sgx sdk", "scope": "lt", "trust": 1.0, "vendor": "intel", "version": "2.17.100.3" }, { "model": "xen", "scope": "eq", "trust": 1.0, "vendor": "xen", "version": "*" }, { 
"model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "sgx sdk", "scope": "lt", "trust": 1.0, "vendor": "intel", "version": "2.16.100.3" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "36" }, { "model": "sgx dcap", "scope": "lt", "trust": 1.0, "vendor": "intel", "version": "1.14.100.3" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "35" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "11.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "sgx psw", "scope": "lt", "trust": 1.0, "vendor": "intel", "version": "2.17.100.3" }, { "model": "sgx psw", "scope": "lt", "trust": 1.0, "vendor": "intel", "version": "2.16.100.3" } ], "sources": [ { "db": "NVD", "id": "CVE-2022-21123" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "169411" }, { "db": "PACKETSTORM", "id": "168018" }, { "db": "PACKETSTORM", "id": "168538" }, { "db": "PACKETSTORM", "id": "168213" }, { "db": "PACKETSTORM", "id": "168364" }, { "db": "PACKETSTORM", "id": "169690" } ], "trust": 0.6 }, "cve": "CVE-2022-21123", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2022-21123", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 1.0, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "VHN-406835", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2022-21123", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-21123", "trust": 1.0, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-406835", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-406835" }, { "db": "NVD", "id": "CVE-2022-21123" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure 
via local access. 7) - noarch, x86_64\n\n3. ==========================================================================\nUbuntu Security Notice USN-5505-1\nJuly 07, 2022\n\nlinux-lts-xenial, linux-kvm vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. \n\nSoftware Description:\n- linux-kvm: Linux kernel for cloud environments\n- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty\n\nDetails:\n\nNorbert Slusarek discovered a race condition in the CAN BCM networking\nprotocol of the Linux kernel leading to multiple use-after-free\nvulnerabilities. A local attacker could use this issue to execute arbitrary\ncode. (CVE-2021-3609)\n\nLikang Luo discovered that a race condition existed in the Bluetooth\nsubsystem of the Linux kernel, leading to a use-after-free vulnerability. A\nlocal attacker could use this to cause a denial of service (system crash)\nor possibly execute arbitrary code. (CVE-2021-3752)\n\nIt was discovered that the NFC subsystem in the Linux kernel contained a\nuse-after-free vulnerability in its NFC Controller Interface (NCI)\nimplementation. A local attacker could possibly use this to cause a denial\nof service (system crash) or execute arbitrary code. (CVE-2021-3760)\n\nSzymon Heidrich discovered that the USB Gadget subsystem in the Linux\nkernel did not properly restrict the size of control requests for certain\ngadget types, leading to possible out of bounds reads or writes. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2021-39685)\n\nIt was discovered that the Ion Memory Manager subsystem in the Linux kernel\ncontained a use-after-free vulnerability. 
A local attacker could possibly\nuse this to cause a denial of service (system crash) or execute arbitrary\ncode. (CVE-2021-39714)\n\nEric Biederman discovered that the cgroup process migration implementation\nin the Linux kernel did not perform permission checks correctly in some\nsituations. A local attacker could possibly use this to gain administrative\nprivileges. (CVE-2021-4197)\n\nLin Ma discovered that the NFC Controller Interface (NCI) implementation in\nthe Linux kernel contained a race condition, leading to a use-after-free\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2021-4202)\n\nSushma Venkatesh Reddy discovered that the Intel i915 graphics driver in\nthe Linux kernel did not perform a GPU TLB flush in some situations. A\nlocal attacker could use this to cause a denial of service or possibly\nexecute arbitrary code. (CVE-2022-0330)\n\nIt was discovered that the PF_KEYv2 implementation in the Linux kernel did\nnot properly initialize kernel memory in some situations. A local attacker\ncould use this to expose sensitive information (kernel memory). \n(CVE-2022-1353)\n\nIt was discovered that the virtual graphics memory manager implementation\nin the Linux kernel was subject to a race condition, potentially leading to\nan information leak. (CVE-2022-1419)\n\nMinh Yuan discovered that the floppy disk driver in the Linux kernel\ncontained a race condition, leading to a use-after-free vulnerability. A\nlocal attacker could possibly use this to cause a denial of service (system\ncrash) or execute arbitrary code. (CVE-2022-1652)\n\nIt was discovered that the Atheros ath9k wireless device driver in the\nLinux kernel did not properly handle some error conditions, leading to a\nuse-after-free vulnerability. A local attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code. 
\n(CVE-2022-1679)\n\nIt was discovered that the Marvell NFC device driver implementation in the\nLinux kernel did not properly perform memory cleanup operations in some\nsituations, leading to a use-after-free vulnerability. A local attacker\ncould possibly use this to cause a denial of service (system) or execute\narbitrary code. A local attacker could\npossibly use this to expose sensitive information. (CVE-2022-21123)\n\nIt was discovered that some Intel processors did not completely perform\ncleanup actions on microarchitectural fill buffers. A local attacker could\npossibly use this to expose sensitive information. (CVE-2022-21125)\n\nIt was discovered that some Intel processors did not properly perform\ncleanup during specific special register write operations. A local attacker\ncould possibly use this to expose sensitive information. (CVE-2022-21166)\n\nIt was discovered that the USB Gadget file system interface in the Linux\nkernel contained a use-after-free vulnerability. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2022-24958)\n\n\u8d75\u5b50\u8f69 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not\nproperly perform reference counting in some error conditions. A local\nattacker could use this to cause a denial of service. (CVE-2022-28356)\n\nIt was discovered that the 8 Devices USB2CAN interface implementation in\nthe Linux kernel did not properly handle certain error conditions, leading\nto a double-free. A local attacker could possibly use this to cause a\ndenial of service (system crash). 
(CVE-2022-28388)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n linux-image-4.4.0-1110-kvm 4.4.0-1110.120\n linux-image-kvm 4.4.0.1110.107\n\nUbuntu 14.04 ESM:\n linux-image-4.4.0-229-generic 4.4.0-229.263~14.04.1\n linux-image-4.4.0-229-lowlatency 4.4.0-229.263~14.04.1\n linux-image-generic-lts-xenial 4.4.0.229.199\n linux-image-lowlatency-lts-xenial 4.4.0.229.199\n linux-image-virtual-lts-xenial 4.4.0.229.199\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5505-1\n CVE-2021-3609, CVE-2021-3752, CVE-2021-3760, CVE-2021-39685,\n CVE-2021-39714, CVE-2021-4197, CVE-2021-4202, CVE-2022-0330,\n CVE-2022-1353, CVE-2022-1419, CVE-2022-1652, CVE-2022-1679,\n CVE-2022-1734, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166,\n CVE-2022-24958, CVE-2022-28356, CVE-2022-28388\n\n. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n2041540 - RHACM 2.4 using deprecated APIs in managed clusters\n2074766 - vSphere network name doesn\u0027t allow entering spaces and doesn\u0027t reflect YAML changes\n2079418 - cluster update status is stuck, also update is not even visible\n2088486 - Policy that creates cluster role is showing as not compliant due to Request entity too large message\n2089490 - Upgraded from RHACM 2.2--\u003e2.3--\u003e2.4 and cannot create cluster\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2097464 - ACM Console Becomes Unusable After a Time\n2100613 - RHACM 2.4.6 images\n2102436 - Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster\n2102495 - ManagedClusters in Pending import state after ACM hub migration\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2109354 - CVE-2022-31150 nodejs16: CRLF injection in node-undici\n2121396 - CVE-2022-31151 nodejs/undici: Cookie headers uncleared on cross-origin redirect\n2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.12 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. 
See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity fix:\n\n* CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\nBug fixes:\n\n* Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856)\n\n* RHACM 2.3.12 images (BZ# 2101411)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation\n2101411 - RHACM 2.3.12 images\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n\n5. In addition this updates provides\nmitigations for the \"Retbleed\" speculative execution attack and the\n\"MMIO stale data\" vulnerabilities. \n\nFor additional information please refer to the following pages:\nhttps://xenbits.xen.org/xsa/advisory-404.html\nhttps://xenbits.xen.org/xsa/advisory-407.html\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 4.14.5+24-g87d90d511c-1. \n\nWe recommend that you upgrade your xen packages. 
\n\nFor the detailed security status of xen please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/xen\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: kernel-rt security and bug fix update\nAdvisory ID: RHSA-2022:6437-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6437\nIssue date: 2022-09-13\nCVE Names: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166\n====================================================================\n1. Summary:\n\nAn update for kernel-rt is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. 
A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Real Time (v. 8) - x86_64\nRed Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64\n\n3. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. \n\nBug Fix(es):\n\n* The latest RHEL 8.6.z3 kernel changes need to be merged into the RT\nsource tree to keep source parity between the two kernels. (BZ#2111112)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR)\n2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS)\n2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)\n\n6. Package List:\n\nRed Hat Enterprise Linux Real Time for NFV (v. 
8):\n\nSource:\nkernel-rt-4.18.0-372.26.1.rt7.183.el8_6.src.rpm\n\nx86_64:\nkernel-rt-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-debug-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-debug-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-debug-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-debug-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-debug-kvm-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-debug-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-debug-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-debuginfo-common-x86_64-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-kvm-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\n\nRed Hat Enterprise Linux Real Time (v. 
8):\n\nSource:\nkernel-rt-4.18.0-372.26.1.rt7.183.el8_6.src.rpm\n\nx86_64:\nkernel-rt-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-debug-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-debug-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-debug-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-debug-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-debug-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-debug-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-debuginfo-common-x86_64-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\nkernel-rt-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. 
\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. (CVE-2021-0145)\n\nMark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel\nprocessors did not prevent test and debug logic from being activated at\nruntime. 
(CVE-2022-21125)\n\nAlysa Milburn, Jason Brandt, Avishai Redelman and Nir Lavi discovered that\nsome Intel processors improperly optimised security-critical code", "sources": [ { "db": "NVD", "id": "CVE-2022-21123" }, { "db": "VULHUB", "id": "VHN-406835" }, { "db": "PACKETSTORM", "id": "169411" }, { "db": "PACKETSTORM", "id": "168018" }, { "db": "PACKETSTORM", "id": "167714" }, { "db": "PACKETSTORM", "id": "168538" }, { "db": "PACKETSTORM", "id": "167549" }, { "db": "PACKETSTORM", "id": "168213" }, { "db": "PACKETSTORM", "id": "169304" }, { "db": "PACKETSTORM", "id": "168364" }, { "db": "PACKETSTORM", "id": "169690" }, { "db": "PACKETSTORM", "id": "167862" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-21123", "trust": 2.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2022/06/16/1", "trust": 1.1 }, { "db": "PACKETSTORM", "id": "169690", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "168018", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "168538", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "167714", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "167862", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "167549", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "168364", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "167785", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169719", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169688", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168294", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168021", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168503", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169695", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168076", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169941", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169997", "trust": 0.1 }, { "db": 
"PACKETSTORM", "id": "168461", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168694", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167692", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167545", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "170226", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168355", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "167746", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-406835", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169411", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168213", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169304", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-406835" }, { "db": "PACKETSTORM", "id": "169411" }, { "db": "PACKETSTORM", "id": "168018" }, { "db": "PACKETSTORM", "id": "167714" }, { "db": "PACKETSTORM", "id": "168538" }, { "db": "PACKETSTORM", "id": "167549" }, { "db": "PACKETSTORM", "id": "168213" }, { "db": "PACKETSTORM", "id": "169304" }, { "db": "PACKETSTORM", "id": "168364" }, { "db": "PACKETSTORM", "id": "169690" }, { "db": "PACKETSTORM", "id": "167862" }, { "db": "NVD", "id": "CVE-2022-21123" } ] }, "id": "VAR-202206-1106", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-406835" } ], "trust": 0.01 }, "last_update_date": "2024-11-29T22:30:33.233000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-459", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-406835" }, { "db": "NVD", "id": "CVE-2022-21123" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20220624-0008/" }, { "trust": 1.1, "url": "https://www.debian.org/security/2022/dsa-5173" }, { "trust": 1.1, "url": "https://www.debian.org/security/2022/dsa-5178" }, { "trust": 1.1, "url": "https://www.debian.org/security/2022/dsa-5184" }, { "trust": 1.1, "url": "https://security.gentoo.org/glsa/202208-23" }, { "trust": 1.1, "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2022/06/16/1" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/mcvomhbqrh4kp7in6u24cw7f2d2l5kbs/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/t4p2kjyl74kglhe4jzetvw7pzh6ziaba/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rkrxz4lhgcgmog24zcejny6r2bts4s2q/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fhtew3rxu2gw6s3rcpqg4vnczgi3tosv/" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21123" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21166" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21125" }, { "trust": 0.6, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2022-21166" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2022-21123" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": 
"https://access.redhat.com/security/cve/cve-2022-21125" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-2588" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2588" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-2097" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-25314" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-27782" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1729" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-32250" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-27776" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1292" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-22576" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1586" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-2068" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-32206" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1729" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2022-25313" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1012" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-27774" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-32208" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1785" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-40528" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1897" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-1927" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-2526" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-29824" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-31129" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-29154" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/t4p2kjyl74kglhe4jzetvw7pzh6ziaba/" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rkrxz4lhgcgmog24zcejny6r2bts4s2q/" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/fhtew3rxu2gw6s3rcpqg4vnczgi3tosv/" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mcvomhbqrh4kp7in6u24cw7f2d2l5kbs/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-45486" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45486" }, { "trust": 0.1, "url": 
"https://access.redhat.com/errata/rhsa-2022:6991" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-45485" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-45485" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:5939" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3752" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-5505-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3760" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1679" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1419" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0330" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39685" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3609" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1652" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1734" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4202" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4197" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1353" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28915" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6696" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.1, "url": 
"https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-31150" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28915" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-36067" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-20107" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-30629" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-27666" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0391" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-34903" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-31151" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1080.87~18.04.1" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-5485-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-azure/5.13.0-1031.37" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-ibm-5.4/5.4.0-1028.32~18.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.13.0-1030.33" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1010.13" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1028.32" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1085.90" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1101.112" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1011.15" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-hwe-5.13/5.13.0-51.58~20.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1048.51~18.04.1" }, { "trust": 0.1, "url": 
"https://launchpad.net/ubuntu/+source/linux-azure-5.13/5.13.0-1031.37~20.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1070.75" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1080.87~18.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1136.147" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1122.127" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1048.51" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1009.11" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.13.0-1033.40" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.13.0-1036.43" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1012.14" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1145.160" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-azure-fde/5.4.0-1085.90+cvm1.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-187.198" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux/5.13.0-51.58" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux/5.15.0-39.42" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-dell300x/4.15.0-1048.53" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1130.146" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1078.86~18.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1085.90~18.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1010.15" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1080.87" }, { "trust": 0.1, "url": 
"https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1076.82" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-oracle-5.13/5.13.0-1036.43~20.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1078.86" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux/5.4.0-120.136" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-aws-5.13/5.13.0-1031.35~20.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1012.15" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-gcp-5.13/5.13.0-1033.40~20.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-gke-5.4/5.4.0-1076.82~18.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-intel-5.13/5.13.0-1017.19" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1080.87" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-120.136~18.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-aws/5.13.0-1031.35" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1010.14" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1013.17" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-39.42" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26116" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1966" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3177" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26137" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2022-1966" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26137" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3177" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6271" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/xen" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23816" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26363" }, { "trust": 0.1, "url": "https://xenbits.xen.org/xsa/advisory-407.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26364" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-23825" }, { "trust": 0.1, "url": "https://xenbits.xen.org/xsa/advisory-404.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29900" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:6437" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:7280" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33120" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-5535-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33117" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0146" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21151" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0145" }, { 
"trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0127" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21127" } ], "sources": [ { "db": "VULHUB", "id": "VHN-406835" }, { "db": "PACKETSTORM", "id": "169411" }, { "db": "PACKETSTORM", "id": "168018" }, { "db": "PACKETSTORM", "id": "167714" }, { "db": "PACKETSTORM", "id": "168538" }, { "db": "PACKETSTORM", "id": "167549" }, { "db": "PACKETSTORM", "id": "168213" }, { "db": "PACKETSTORM", "id": "169304" }, { "db": "PACKETSTORM", "id": "168364" }, { "db": "PACKETSTORM", "id": "169690" }, { "db": "PACKETSTORM", "id": "167862" }, { "db": "NVD", "id": "CVE-2022-21123" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-406835" }, { "db": "PACKETSTORM", "id": "169411" }, { "db": "PACKETSTORM", "id": "168018" }, { "db": "PACKETSTORM", "id": "167714" }, { "db": "PACKETSTORM", "id": "168538" }, { "db": "PACKETSTORM", "id": "167549" }, { "db": "PACKETSTORM", "id": "168213" }, { "db": "PACKETSTORM", "id": "169304" }, { "db": "PACKETSTORM", "id": "168364" }, { "db": "PACKETSTORM", "id": "169690" }, { "db": "PACKETSTORM", "id": "167862" }, { "db": "NVD", "id": "CVE-2022-21123" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-06-15T00:00:00", "db": "VULHUB", "id": "VHN-406835" }, { "date": "2022-10-18T22:30:59", "db": "PACKETSTORM", "id": "169411" }, { "date": "2022-08-10T15:50:10", "db": "PACKETSTORM", "id": "168018" }, { "date": "2022-07-07T13:08:49", "db": "PACKETSTORM", "id": "167714" }, { "date": "2022-09-27T16:01:00", "db": "PACKETSTORM", "id": "168538" }, { "date": "2022-06-20T16:17:04", "db": "PACKETSTORM", "id": "167549" }, { "date": "2022-09-01T16:30:25", "db": "PACKETSTORM", "id": "168213" }, { "date": "2022-07-28T19:12:00", "db": "PACKETSTORM", "id": 
"169304" }, { "date": "2022-09-13T15:45:19", "db": "PACKETSTORM", "id": "168364" }, { "date": "2022-11-02T15:00:04", "db": "PACKETSTORM", "id": "169690" }, { "date": "2022-07-28T14:56:22", "db": "PACKETSTORM", "id": "167862" }, { "date": "2022-06-15T20:15:17.503000", "db": "NVD", "id": "CVE-2022-21123" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-19T00:00:00", "db": "VULHUB", "id": "VHN-406835" }, { "date": "2024-11-21T06:43:56.673000", "db": "NVD", "id": "CVE-2022-21123" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "PACKETSTORM", "id": "167714" }, { "db": "PACKETSTORM", "id": "167549" }, { "db": "PACKETSTORM", "id": "167862" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat Security Advisory 2022-6991-01", "sources": [ { "db": "PACKETSTORM", "id": "169411" } ], "trust": 0.1 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "arbitrary", "sources": [ { "db": "PACKETSTORM", "id": "167714" } ], "trust": 0.1 } }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.