VARIoT IoT vulnerabilities database
| VAR-202207-1448 | CVE-2022-32785 | NULL pointer dereference vulnerability in multiple Apple products |
| CVSS V2: - | CVSS V3: 5.5 | Severity: MEDIUM |
A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing an image may lead to a denial-of-service. A NULL pointer dereference vulnerability exists in multiple Apple products, such as iPadOS, iOS and Apple Mac OS X. It may result in service operation interruption (DoS).
APPLE-SA-2022-07-20-2 macOS Monterey 12.5
macOS Monterey 12.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213345.
APFS
Available for: macOS Monterey
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir (@Muirey03)
AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to gain root privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro
Apple Neural Engine
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32810: Mohamed Ghannam (@_simo36)
Apple Neural Engine
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: This issue was addressed with improved checks.
CVE-2022-32840: Mohamed Ghannam (@_simo36)
Apple Neural Engine
Available for: macOS Monterey
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved checks.
CVE-2022-32845: Mohamed Ghannam (@_simo36)
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected termination or disclosure of process memory
Description: This issue was addressed with improved checks.
CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu
Security, Mickey Jin (@patch1t) of Trend Micro
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected termination or disclosure of process memory
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security
CVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security
CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected termination or disclosure of process memory
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security
Audio
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-32820: an anonymous researcher
Audio
Available for: macOS Monterey
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32825: John Aakerblom (@jaakerblom)
Automation
Available for: macOS Monterey
Impact: An app may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved checks.
CVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Calendar
Available for: macOS Monterey
Impact: An app may be able to access sensitive user information
Description: The issue was addressed with improved handling of
caches.
CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security
CoreMedia
Available for: macOS Monterey
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom
(@jaakerblom)
CoreText
Available for: macOS Monterey
Impact: A remote user may cause an unexpected app termination or
arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2022-32839: STAR Labs (@starlabs_sg)
File System Events
Available for: macOS Monterey
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-32819: Joshua Mason of Mandiant
GPU Drivers
Available for: macOS Monterey
Impact: An app may be able to disclose kernel memory
Description: Multiple out-of-bounds write issues were addressed with
improved bounds checking.
CVE-2022-32793: an anonymous researcher
GPU Drivers
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-32821: John Aakerblom (@jaakerblom)
iCloud Photo Library
Available for: macOS Monterey
Impact: An app may be able to access sensitive user information
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2022-32849: Joshua Jones
ICU
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs
& DNSLab, Korea Univ.
ImageIO
Available for: macOS Monterey
Impact: Processing a maliciously crafted image may result in
disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)
Intel Graphics Driver
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2022-32811: ABC Research s.r.o
Intel Graphics Driver
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.
Kernel
Available for: macOS Monterey
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32813: Xinru Chi of Pangu Lab
CVE-2022-32815: Xinru Chi of Pangu Lab
Kernel
Available for: macOS Monterey
Impact: An app may be able to disclose kernel memory
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-32817: Xinru Chi of Pangu Lab
Kernel
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: This issue was addressed with improved checks.
CVE-2022-32829: an anonymous researcher
Liblouis
Available for: macOS Monterey
Impact: An app may cause unexpected app termination or arbitrary code
execution
Description: This issue was addressed with improved checks.
CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China
(nipc.org.cn)
libxml2
Available for: macOS Monterey
Impact: An app may be able to leak sensitive user information
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2022-32823
Multi-Touch
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A type confusion issue was addressed with improved
checks.
CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
Multi-Touch
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A type confusion issue was addressed with improved state
handling.
CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
PackageKit
Available for: macOS Monterey
Impact: An app may be able to modify protected parts of the file
system
Description: An issue in the handling of environment variables was
addressed with improved validation.
CVE-2022-32786: Mickey Jin (@patch1t)
PackageKit
Available for: macOS Monterey
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed with improved checks.
CVE-2022-32800: Mickey Jin (@patch1t)
PluginKit
Available for: macOS Monterey
Impact: An app may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro
PS Normalizer
Available for: macOS Monterey
Impact: Processing a maliciously crafted Postscript file may result
in unexpected app termination or disclosure of process memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz
SMB
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)
SMB
Available for: macOS Monterey
Impact: An app may be able to gain elevated privileges
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)
SMB
Available for: macOS Monterey
Impact: An app may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)
SMB
Available for: macOS Monterey
Impact: A user in a privileged network position may be able to leak
sensitive information
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)
SMB
Available for: macOS Monterey
Impact: An app may be able to leak sensitive kernel state
Description: The issue was addressed with improved memory handling.
CVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)
Software Update
Available for: macOS Monterey
Impact: A user in a privileged network position can track a user’s
activity
Description: This issue was addressed by using HTTPS when sending
information over the network.
CVE-2022-32857: Jeffrey Paul (sneak.berlin)
Spindump
Available for: macOS Monterey
Impact: An app may be able to overwrite arbitrary files
Description: This issue was addressed with improved file handling.
CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Spotlight
Available for: macOS Monterey
Impact: An app may be able to gain root privileges
Description: This issue was addressed with improved checks.
CVE-2022-32801: Joshua Mason (@josh@jhu.edu)
subversion
Available for: macOS Monterey
Impact: Multiple issues in subversion
Description: Multiple issues were addressed by updating subversion.
CVE-2021-28544: Evgeny Kotkov, visualsvn.com
CVE-2022-24070: Evgeny Kotkov, visualsvn.com
CVE-2022-29046: Evgeny Kotkov, visualsvn.com
CVE-2022-29048: Evgeny Kotkov, visualsvn.com
TCC
Available for: macOS Monterey
Impact: An app may be able to access sensitive user information
Description: An access issue was addressed with improvements to the
sandbox.
CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
WebKit
Available for: macOS Monterey
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 239316
CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs
& DNSLab, Korea Univ.
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
input validation.
WebKit Bugzilla: 240720
CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero
Day Initiative
WebRTC
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 242339
CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team
Wi-Fi
Available for: macOS Monterey
Impact: An app may be able to cause unexpected system termination or
write kernel memory
Description: This issue was addressed with improved checks.
CVE-2022-32837: Wang Yu of Cyberserval
Wi-Fi
Available for: macOS Monterey
Impact: A remote user may be able to cause unexpected system
termination or corrupt kernel memory
Description: This issue was addressed with improved checks.
CVE-2022-32847: Wang Yu of Cyberserval
Windows Server
Available for: macOS Monterey
Impact: An app may be able to capture a user’s screen
Description: A logic issue was addressed with improved checks.
CVE-2022-32848: Jeremy Legendre of MacEnhance
Additional recognition
802.1X
We would like to acknowledge Shin Sun of National Taiwan University
for their assistance.
AppleMobileFileIntegrity
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła
(@_r3ggi) of SecuRing for their assistance.
Calendar
We would like to acknowledge Joshua Jones for their assistance.
configd
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła
(@_r3ggi) of SecuRing for their assistance.
DiskArbitration
We would like to acknowledge Mike Cush for their assistance.
macOS Monterey 12.5 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
.
CVE-2022-32832: Tommy Muir (@Muirey03)
AppleAVD
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote user may be able to cause kernel code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2022-32821: John Aakerblom (@jaakerblom)
Home
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user may be able to view restricted content from the lock
screen
Description: A logic issue was addressed with improved state
management. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 15.6 and iPadOS 15.6"
| VAR-202207-1449 | CVE-2022-32810 | Vulnerabilities in multiple Apple products |
| CVSS V2: - | CVSS V3: 7.8 | Severity: HIGH |
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges. Unspecified vulnerabilities exist in multiple Apple products (iPadOS, iOS, macOS). Information may be obtained or tampered with, and service operation may be interrupted (DoS). iOS 15.6 and iPadOS 15.6.
Instructions on how to update your Apple Watch software are available
at https://support.apple.com/kb/HT204641 To check the version on
your Apple Watch, open the Apple Watch app on your iPhone and select
"My Watch > General > About". Alternatively, on your watch, select
"My Watch > General > About".
APPLE-SA-2022-07-20-1 iOS 15.6 and iPadOS 15.6
iOS 15.6 and iPadOS 15.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213346.
APFS
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir (@Muirey03)
AppleAVD
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote user may be able to cause kernel code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2022-32788: Natalie Silvanovich of Google Project Zero
AppleAVD
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32824: Antonio Zekic (@antoniozekic) and John Aakerblom
(@jaakerblom)
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to gain root privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro
Apple Neural Engine
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved checks.
CVE-2022-32845: Mohamed Ghannam (@_simo36)
Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone 8 and later,
iPad Pro (3rd generation) and later, iPad Air (3rd generation) and
later, and iPad mini (5th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: This issue was addressed with improved checks.
CVE-2022-32840: Mohamed Ghannam (@_simo36)
CVE-2022-32829: an anonymous researcher
Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone 8 and later,
iPad Pro (3rd generation) and later, iPad Air (3rd generation) and
later, and iPad mini (5th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32810: Mohamed Ghannam (@_simo36)
Audio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-32820: an anonymous researcher
Audio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32825: John Aakerblom (@jaakerblom)
CoreMedia
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom
(@jaakerblom)
CoreText
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote user may cause an unexpected app termination or
arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2022-32839: STAR Labs (@starlabs_sg)
File System Events
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-32819: Joshua Mason of Mandiant
GPU Drivers
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to disclose kernel memory
Description: Multiple out-of-bounds write issues were addressed with
improved bounds checking.
CVE-2022-32793: an anonymous researcher
GPU Drivers
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-32821: John Aakerblom (@jaakerblom)
Home
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user may be able to view restricted content from the lock
screen
Description: A logic issue was addressed with improved state
management.
CVE-2022-32855: an anonymous researcher
iCloud Photo Library
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to access sensitive user information
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2022-32849: Joshua Jones
ICU
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs
& DNSLab, Korea Univ.
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may result in
disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32841: hjy79425575
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A logic issue was addressed with improved checks.
CVE-2022-32802: Ivan Fratric of Google Project Zero, Mickey Jin
(@patch1t)
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-32830: Ye Zhang (@co0py_Cat) of Baidu Security
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing an image may lead to a denial-of-service
Description: A null pointer dereference was addressed with improved
validation.
CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)
IOMobileFrameBuffer
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-26768: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32813: Xinru Chi of Pangu Lab
CVE-2022-32815: Xinru Chi of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to disclose kernel memory
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-32817: Xinru Chi of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app with arbitrary kernel read and write capability may be
able to bypass Pointer Authentication
Description: A logic issue was addressed with improved state
management.
CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app with arbitrary kernel read and write capability may be
able to bypass Pointer Authentication
Description: A race condition was addressed with improved state
handling.
CVE-2022-32844: Sreejith Krishnan R (@skr0x1c0)
Liblouis
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may cause unexpected app termination or arbitrary code
execution
Description: This issue was addressed with improved checks.
CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China
(nipc.org.cn)
libxml2
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to leak sensitive user information
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2022-32823
Multi-Touch
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A type confusion issue was addressed with improved state
handling.
CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
PluginKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro
Safari Extensions
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: The issue was addressed with improved UI handling.
CVE-2022-32784: Young Min Kim of CompSec Lab at Seoul National
University
Software Update
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user in a privileged network position can track a user’s
activity
Description: This issue was addressed by using HTTPS when sending
information over the network.
CVE-2022-32857: Jeffrey Paul (sneak.berlin)
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 239316
CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs
& DNSLab, Korea Univ.
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
input validation.
WebKit Bugzilla: 240720
CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero
Day Initiative
WebRTC
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 242339
CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to cause unexpected system termination or
write kernel memory
Description: This issue was addressed with improved checks.
CVE-2022-32837: Wang Yu of Cyberserval
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote user may be able to cause unexpected system
termination or corrupt kernel memory
Description: This issue was addressed with improved checks.
CVE-2022-32847: Wang Yu of Cyberserval
Additional recognition
802.1X
We would like to acknowledge Shin Sun of National Taiwan University
for their assistance.
AppleMobileFileIntegrity
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła
(@_r3ggi) of SecuRing for their assistance.
configd
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła
(@_r3ggi) of SecuRing for their assistance.
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update will be
"iOS 15.6 and iPadOS 15.6".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-202207-1467 | CVE-2022-32829 | Vulnerabilities in multiple Apple products |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
This issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. Unspecified vulnerabilities exist in Apple's iPadOS, iOS and macOS. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Both Apple iOS and Apple iPadOS are products of Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. A buffer overflow vulnerability exists in Apple iOS. The vulnerability is caused by a boundary error in the operating system kernel when processing untrusted input. iOS 15.6 and iPadOS 15.6
| VAR-202207-1464 | CVE-2022-32840 | Vulnerabilities in multiple Apple products |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges. Unspecified vulnerabilities exist in multiple Apple products, including iPadOS, iOS and macOS. Information may be obtained or tampered with, and service operation may be interrupted (DoS). iOS 15.6 and iPadOS 15.6
| VAR-202207-1498 | CVE-2022-32793 | Out-of-bounds write vulnerability in Apple's iPadOS and products from other vendors |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory. Apple's iPadOS and products from other vendors have out-of-bounds write vulnerabilities. Information may be obtained. Both Apple iOS and Apple iPadOS are products of Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple iOS versions prior to 15.6 and iPadOS versions prior to 15.6 have a buffer error vulnerability, which is caused by a boundary error in the GPU driver. Native applications can trigger an out-of-bounds write error and execute arbitrary code with root privileges. The vulnerability could allow a local application to escalate privileges on the system. iOS 15.6 and iPadOS 15.6. Alternatively, on your watch, select
"My Watch > General > About".
Information about the security content is also available at
https://support.apple.com/HT213345.
APFS
Available for: macOS Monterey
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir (@Muirey03)
AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to gain root privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro
Apple Neural Engine
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32810: Mohamed Ghannam (@_simo36)
Apple Neural Engine
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: This issue was addressed with improved checks.
CVE-2022-32840: Mohamed Ghannam (@_simo36)
Apple Neural Engine
Available for: macOS Monterey
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved checks.
CVE-2022-32845: Mohamed Ghannam (@_simo36)
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected termination or disclosure of process memory
Description: This issue was addressed with improved checks.
CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu
Security, Mickey Jin (@patch1t) of Trend Micro
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected termination or disclosure of process memory
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security
CVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security
CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected termination or disclosure of process memory
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security
Audio
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-32820: an anonymous researcher
Audio
Available for: macOS Monterey
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32825: John Aakerblom (@jaakerblom)
Automation
Available for: macOS Monterey
Impact: An app may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved checks.
CVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Calendar
Available for: macOS Monterey
Impact: An app may be able to access sensitive user information
Description: The issue was addressed with improved handling of
caches.
CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom
(@jaakerblom)
CoreText
Available for: macOS Monterey
Impact: A remote user may cause an unexpected app termination or
arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2022-32839: STAR Labs (@starlabs_sg)
File System Events
Available for: macOS Monterey
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-32793: an anonymous researcher
GPU Drivers
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-32821: John Aakerblom (@jaakerblom)
iCloud Photo Library
Available for: macOS Monterey
Impact: An app may be able to access sensitive user information
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2022-32849: Joshua Jones
ICU
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs
& DNSLab, Korea Univ.
ImageIO
Available for: macOS Monterey
Impact: Processing a maliciously crafted image may result in
disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32841: hjy79425575
ImageIO
Available for: macOS Monterey
Impact: Processing an image may lead to a denial-of-service
Description: A null pointer dereference was addressed with improved
validation.
CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)
Intel Graphics Driver
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2022-32811: ABC Research s.r.o
Intel Graphics Driver
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.
Kernel
Available for: macOS Monterey
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32813: Xinru Chi of Pangu Lab
CVE-2022-32815: Xinru Chi of Pangu Lab
Kernel
Available for: macOS Monterey
Impact: An app may be able to disclose kernel memory
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-32817: Xinru Chi of Pangu Lab
Kernel
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: This issue was addressed with improved checks.
CVE-2022-32829: an anonymous researcher
Liblouis
Available for: macOS Monterey
Impact: An app may cause unexpected app termination or arbitrary code
execution
Description: This issue was addressed with improved checks.
CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China
(nipc.org.cn)
libxml2
Available for: macOS Monterey
Impact: An app may be able to leak sensitive user information
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2022-32823
Multi-Touch
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A type confusion issue was addressed with improved
checks.
CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
Multi-Touch
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A type confusion issue was addressed with improved state
handling.
CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
PackageKit
Available for: macOS Monterey
Impact: An app may be able to modify protected parts of the file
system
Description: An issue in the handling of environment variables was
addressed with improved validation.
CVE-2022-32786: Mickey Jin (@patch1t)
PackageKit
Available for: macOS Monterey
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed with improved checks.
CVE-2022-32800: Mickey Jin (@patch1t)
PluginKit
Available for: macOS Monterey
Impact: An app may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro
PS Normalizer
Available for: macOS Monterey
Impact: Processing a maliciously crafted Postscript file may result
in unexpected app termination or disclosure of process memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz
SMB
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)
SMB
Available for: macOS Monterey
Impact: An app may be able to gain elevated privileges
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)
SMB
Available for: macOS Monterey
Impact: An app may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)
SMB
Available for: macOS Monterey
Impact: A user in a privileged network position may be able to leak
sensitive information
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)
SMB
Available for: macOS Monterey
Impact: An app may be able to leak sensitive kernel state
Description: The issue was addressed with improved memory handling.
CVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)
Software Update
Available for: macOS Monterey
Impact: A user in a privileged network position can track a user’s
activity
Description: This issue was addressed by using HTTPS when sending
information over the network.
CVE-2022-32857: Jeffrey Paul (sneak.berlin)
Spindump
Available for: macOS Monterey
Impact: An app may be able to overwrite arbitrary files
Description: This issue was addressed with improved file handling.
CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Spotlight
Available for: macOS Monterey
Impact: An app may be able to gain root privileges
Description: This issue was addressed with improved checks.
CVE-2022-32801: Joshua Mason (@josh@jhu.edu)
subversion
Available for: macOS Monterey
Impact: Multiple issues in subversion
Description: Multiple issues were addressed by updating subversion.
CVE-2021-28544: Evgeny Kotkov, visualsvn.com
CVE-2022-24070: Evgeny Kotkov, visualsvn.com
CVE-2022-29046: Evgeny Kotkov, visualsvn.com
CVE-2022-29048: Evgeny Kotkov, visualsvn.com
TCC
Available for: macOS Monterey
Impact: An app may be able to access sensitive user information
Description: An access issue was addressed with improvements to the
sandbox.
CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
WebKit
Available for: macOS Monterey
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 239316
CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs
& DNSLab, Korea Univ.
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
input validation.
WebKit Bugzilla: 240720
CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero
Day Initiative
WebRTC
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 242339
CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team
Wi-Fi
Available for: macOS Monterey
Impact: An app may be able to cause unexpected system termination or
write kernel memory
Description: This issue was addressed with improved checks.
CVE-2022-32837: Wang Yu of Cyberserval
Wi-Fi
Available for: macOS Monterey
Impact: A remote user may be able to cause unexpected system
termination or corrupt kernel memory
Description: This issue was addressed with improved checks.
CVE-2022-32847: Wang Yu of Cyberserval
Windows Server
Available for: macOS Monterey
Impact: An app may be able to capture a user’s screen
Description: A logic issue was addressed with improved checks.
CVE-2022-32848: Jeremy Legendre of MacEnhance
Additional recognition
802.1X
We would like to acknowledge Shin Sun of National Taiwan University
for their assistance.
AppleMobileFileIntegrity
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła
(@_r3ggi) of SecuRing for their assistance.
Calendar
We would like to acknowledge Joshua Jones for their assistance.
configd
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła
(@_r3ggi) of SecuRing for their assistance.
DiskArbitration
We would like to acknowledge Mike Cush for their assistance.
macOS Monterey 12.5 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
CVE-2022-32832: Tommy Muir (@Muirey03)
AppleAVD
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote user may be able to cause kernel code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2022-32821: John Aakerblom (@jaakerblom)
Home
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user may be able to view restricted content from the lock
screen
Description: A logic issue was addressed with improved state
management. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update will be
"iOS 15.6 and iPadOS 15.6"
| VAR-202207-1447 | CVE-2022-32781 | Vulnerabilities in multiple Apple products |
CVSS V2: - CVSS V3: 4.4 Severity: MEDIUM |
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be able to access private information. Unspecified vulnerabilities exist in multiple Apple products, including iPadOS, iOS and Apple Mac OS X. Information may be obtained.
Information about the security content is also available at
https://support.apple.com/HT213344.
APFS
Available for: macOS Big Sur
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir (@Muirey03)
AppleMobileFileIntegrity
Available for: macOS Big Sur
Impact: An app may be able to gain root privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro
AppleScript
Available for: macOS Big Sur
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected termination or disclosure of process memory
Description: This issue was addressed with improved checks.
CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu
Security, Mickey Jin (@patch1t) of Trend Micro
AppleScript
Available for: macOS Big Sur
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected termination or disclosure of process memory
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security
CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security
AppleScript
Available for: macOS Big Sur
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected termination or disclosure of process memory
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security
Audio
Available for: macOS Big Sur
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32825: John Aakerblom (@jaakerblom)
Audio
Available for: macOS Big Sur
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-32820: an anonymous researcher
Calendar
Available for: macOS Big Sur
Impact: An app may be able to access sensitive user information
Description: The issue was addressed with improved handling of
caches.
CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security
Calendar
Available for: macOS Big Sur
Impact: An app may be able to access user-sensitive data
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2022-32849: Joshua Jones
CoreText
Available for: macOS Big Sur
Impact: A remote user may cause an unexpected app termination or
arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2022-32781: Wojciech Reguła (@_r3ggi) of SecuRing
File System Events
Available for: macOS Big Sur
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-32819: Joshua Mason of Mandiant
ICU
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs
& DNSLab, Korea Univ.
ImageIO
Available for: macOS Big Sur
Impact: Processing an image may lead to a denial-of-service
Description: A null pointer dereference was addressed with improved
validation.
CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)
Intel Graphics Driver
Available for: macOS Big Sur
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.
Intel Graphics Driver
Available for: macOS Big Sur
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2022-32811: ABC Research s.r.o
Kernel
Available for: macOS Big Sur
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32815: Xinru Chi of Pangu Lab
CVE-2022-32813: Xinru Chi of Pangu Lab
libxml2
Available for: macOS Big Sur
Impact: An app may be able to leak sensitive user information
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2022-32823
PackageKit
Available for: macOS Big Sur
Impact: An app may be able to modify protected parts of the file
system
Description: An issue in the handling of environment variables was
addressed with improved validation.
CVE-2022-32786: Mickey Jin (@patch1t)
PackageKit
Available for: macOS Big Sur
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed with improved checks.
CVE-2022-32800: Mickey Jin (@patch1t)
PluginKit
Available for: macOS Big Sur
Impact: An app may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro
PS Normalizer
Available for: macOS Big Sur
Impact: Processing a maliciously crafted Postscript file may result
in unexpected app termination or disclosure of process memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz
Software Update
Available for: macOS Big Sur
Impact: A user in a privileged network position can track a user’s
activity
Description: This issue was addressed by using HTTPS when sending
information over the network.
CVE-2022-32857: Jeffrey Paul (sneak.berlin)
Spindump
Available for: macOS Big Sur
Impact: An app may be able to overwrite arbitrary files
Description: This issue was addressed with improved file handling.
CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Spotlight
Available for: macOS Big Sur
Impact: An app may be able to gain elevated privileges
Description: A validation issue in the handling of symlinks was
addressed with improved validation of symlinks.
CVE-2022-26704: Joshua Mason of Mandiant
TCC
Available for: macOS Big Sur
Impact: An app may be able to access sensitive user information
Description: An access issue was addressed with improvements to the
sandbox.
CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Vim
Available for: macOS Big Sur
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating Vim.
CVE-2022-0156
CVE-2022-0158
Wi-Fi
Available for: macOS Big Sur
Impact: A remote user may be able to cause unexpected system
termination or corrupt kernel memory
Description: This issue was addressed with improved checks.
CVE-2022-32847: Wang Yu of Cyberserval
Windows Server
Available for: macOS Big Sur
Impact: An app may be able to capture a user’s screen
Description: A logic issue was addressed with improved checks.
CVE-2022-32848: Jeremy Legendre of MacEnhance
macOS Big Sur 11.6.8 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-202207-1385 | CVE-2022-2030 | Path traversal vulnerabilities in multiple ZyXEL products |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device. Multiple ZyXEL products, including USG FLEX 100W firmware, USG FLEX 200 firmware and USG FLEX 500 firmware, contain a path traversal vulnerability. Information may be obtained.
| VAR-202207-2120 | No CVE | Binary vulnerability in Zeon Electronics (Shenzhen) Co., Ltd. EX300_V2 |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
EX300_V2 is a repeater from Zeon Electronics (Shenzhen) Co., Ltd.
The EX300_V2 of Zeon Electronics (Shenzhen) Co., Ltd. has a binary vulnerability, which can be exploited by an attacker to gain control of the server.
| VAR-202207-1298 | CVE-2022-30526 | Permission management vulnerabilities in multiple ZyXEL products |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device. The ZyXEL products contain a vulnerability in permission management. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202207-1422 | CVE-2022-34029 | Out-of-bounds read vulnerability in Nginx NJS |
CVSS V2: - CVSS V3: 9.1 Severity: CRITICAL |
Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h. An out-of-bounds read vulnerability exists in Nginx NJS. Information may be obtained and service operation may be interrupted (DoS). Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. njs is one of the scripting language components that supports extending NGINX functionality. There is a security vulnerability in Nginx NJS 0.7.4, which is caused by an out-of-bounds read of njs_scope_value in the njs_scope.h file.
| VAR-202207-1405 | CVE-2022-23745 | Out-of-bounds write vulnerability in Check Point Software Technologies Capsule Workspace for Android |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
A potential memory corruption issue was found in Capsule Workspace Android app (running on GrapheneOS). This could result in application crashing but could not be used to gather any sensitive information. An out-of-bounds write vulnerability exists in Check Point Software Technologies Capsule Workspace for Android. Service operation may be interrupted (DoS).
| VAR-202207-1404 | CVE-2022-34028 | Vulnerability in Nginx NJS |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h. Unspecified vulnerabilities exist in Nginx NJS. Service operation may be interrupted (DoS). Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. njs is one of the scripting language components that supports extending NGINX functionality.
| VAR-202207-1356 | CVE-2022-34030 | Vulnerability in Nginx NJS |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c. Unspecified vulnerabilities exist in Nginx NJS. Service operation may be interrupted (DoS). Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. njs is one of the scripting language components that supports extending NGINX functionality.
| VAR-202207-1338 | CVE-2022-34031 | Vulnerability in Nginx NJS |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h. Unspecified vulnerabilities exist in Nginx NJS. Service operation may be interrupted (DoS). Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. njs is one of the scripting language components that supports extending NGINX functionality. There is a security vulnerability in Nginx NJS v0.7.5, which is caused by a segmentation violation in njs_value_to_number in src/njs_value_conversion.h.
| VAR-202207-1358 | CVE-2021-33656 | Ubuntu Security Notice USN-5591-1 |
CVSS V2: - CVSS V3: 6.8 Severity: MEDIUM |
When setting font with malicious data by ioctl cmd PIO_FONT, kernel will write memory out of bounds.
==========================================================================
Ubuntu Security Notice USN-5650-1
September 30, 2022
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
It was discovered that the framebuffer driver on the Linux kernel did not
verify size limits when changing font or screen size, leading to an out-of-
bounds write. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-33655)
It was discovered that the virtual terminal driver in the Linux kernel did
not properly handle VGA console font changes, leading to an out-of-bounds
write. A local attacker could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2021-33656)
Christian Brauner discovered that the XFS file system implementation in the
Linux kernel did not properly handle setgid file creation. A local attacker
could use this to gain elevated privileges. (CVE-2021-4037)
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly initialize memory in some situations. A privileged
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2022-0850)
Duoming Zhou discovered that the AX.25 amateur radio protocol
implementation in the Linux kernel did not handle detach events properly in
some situations. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2022-1199)
Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol
implementation in the Linux kernel during device detach operations. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2022-1204)
Norbert Slusarek discovered that a race condition existed in the perf
subsystem in the Linux kernel, resulting in a use-after-free vulnerability.
A privileged local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-1729)
It was discovered that the Packet network protocol implementation in the
Linux kernel contained an out-of-bounds access. A remote attacker could use
this to expose sensitive information (kernel memory). (CVE-2022-20368)
It was discovered that the Open vSwitch implementation in the Linux kernel
contained an out of bounds write vulnerability in certain situations. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-2639)
Jann Horn discovered that the ASIX AX88179/178A USB Ethernet driver in the
Linux kernel contained multiple out-of-bounds vulnerabilities. A local
attacker with physical access could plug in a specially crafted USB device
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-2964)
Hao Sun and Jiacheng Xu discovered that the NILFS file system
implementation in the Linux kernel contained a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-2978)
Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in
the Linux kernel. A local attacker could use this to cause a denial of
service (system crash) or possibly expose sensitive information (kernel
memory). (CVE-2022-3028)
It was discovered that the Journaled File System (JFS) in the Linux kernel
contained a null pointer dereference in some situations. A local attacker
could use this to cause a denial of service (system crash). (CVE-2022-3202)
Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter
subsystem in the Linux kernel did not properly handle rules that truncated
packets below the packet header size. When such rules are in place, a
remote attacker could possibly use this to cause a denial of service
(system crash). (CVE-2022-36946)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 ESM:
linux-image-4.4.0-1114-kvm 4.4.0-1114.124
linux-image-4.4.0-1151-aws 4.4.0-1151.166
linux-image-4.4.0-234-generic 4.4.0-234.268
linux-image-4.4.0-234-lowlatency 4.4.0-234.268
linux-image-aws 4.4.0.1151.155
linux-image-generic 4.4.0.234.240
linux-image-kvm 4.4.0.1114.111
linux-image-lowlatency 4.4.0.234.240
linux-image-virtual 4.4.0.234.240
Ubuntu 14.04 ESM:
linux-image-4.4.0-1113-aws 4.4.0-1113.119
linux-image-4.4.0-234-generic 4.4.0-234.268~14.04.1
linux-image-4.4.0-234-lowlatency 4.4.0-234.268~14.04.1
linux-image-aws 4.4.0.1113.110
linux-image-generic-lts-xenial 4.4.0.234.203
linux-image-lowlatency-lts-xenial 4.4.0.234.203
linux-image-virtual-lts-xenial 4.4.0.234.203
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-5650-1
CVE-2021-33655, CVE-2021-33656, CVE-2021-4037, CVE-2022-0850,
CVE-2022-1199, CVE-2022-1204, CVE-2022-1729, CVE-2022-20368,
CVE-2022-2639, CVE-2022-2964, CVE-2022-2978, CVE-2022-3028,
CVE-2022-3202, CVE-2022-36946
====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2023:2951-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2951
Issue date: 2023-05-16
CVE Names: CVE-2021-26341 CVE-2021-33655 CVE-2021-33656
CVE-2022-1462 CVE-2022-1679 CVE-2022-1789
CVE-2022-2196 CVE-2022-2663 CVE-2022-3028
CVE-2022-3239 CVE-2022-3522 CVE-2022-3524
CVE-2022-3564 CVE-2022-3566 CVE-2022-3567
CVE-2022-3619 CVE-2022-3623 CVE-2022-3625
CVE-2022-3628 CVE-2022-3707 CVE-2022-4129
CVE-2022-20141 CVE-2022-25265 CVE-2022-30594
CVE-2022-39188 CVE-2022-39189 CVE-2022-41218
CVE-2022-41674 CVE-2022-42703 CVE-2022-42720
CVE-2022-42721 CVE-2022-42722 CVE-2022-43750
CVE-2022-47929 CVE-2023-0394 CVE-2023-0461
CVE-2023-1195 CVE-2023-1582 CVE-2023-23454
====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, x86_64
3.
The following packages have been upgraded to a later upstream version:
kernel (4.18.0). (BZ#2122230, BZ#2122267)
Security Fix(es):
* use-after-free caused by l2cap_reassemble_sdu() in
net/bluetooth/l2cap_core.c (CVE-2022-3564)
* net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)
* hw: cpu: AMD CPUs may transiently execute beyond unconditional direct
branch (CVE-2021-26341)
* malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory
(CVE-2021-33655)
* when setting font with malicious data by ioctl PIO_FONT, kernel will
write memory out of bounds (CVE-2021-33656)
* possible race condition in drivers/tty/tty_buffers.c (CVE-2022-1462)
* use-after-free in ath9k_htc_probe_device() could cause an escalation of
privileges (CVE-2022-1679)
* KVM: NULL pointer dereference in kvm_mmu_invpcid_gva (CVE-2022-1789)
* KVM: nVMX: missing IBPB when exiting from nested guest can lead to
Spectre v2 attacks (CVE-2022-2196)
* netfilter: nf_conntrack_irc message handling issue (CVE-2022-2663)
* race condition in xfrm_probe_algs can lead to OOB read/write
(CVE-2022-3028)
* media: em28xx: initialize refcount before kref_get (CVE-2022-3239)
* race condition in hugetlb_no_page() in mm/hugetlb.c (CVE-2022-3522)
* memory leak in ipv6_renew_options() (CVE-2022-3524)
* data races around icsk->icsk_af_ops in do_ipv6_setsockopt (CVE-2022-3566)
* data races around sk->sk_prot (CVE-2022-3567)
* memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c
(CVE-2022-3619)
* denial of service in follow_page_pte in mm/gup.c due to poisoned pte
entry (CVE-2022-3623)
* use-after-free after failed devlink reload in devlink_param_get
(CVE-2022-3625)
* USB-accessible buffer overflow in brcmfmac (CVE-2022-3628)
* Double-free in split_2MB_gtt_entry when function
intel_gvt_dma_map_guest_page failed (CVE-2022-3707)
* l2tp: missing lock when clearing sk_user_data can lead to NULL pointer
dereference (CVE-2022-4129)
* igmp: use-after-free in ip_check_mc_rcu when opening and closing inet
sockets (CVE-2022-20141)
* Executable Space Protection Bypass (CVE-2022-25265)
* Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP
option (CVE-2022-30594)
* unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to
stale TLB entry (CVE-2022-39188)
* TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading
to guest malfunctioning (CVE-2022-39189)
* Report vmalloc UAF in dvb-core/dmxdev (CVE-2022-41218)
* u8 overflow problem in cfg80211_update_notlisted_nontrans()
(CVE-2022-41674)
* use-after-free related to leaf anon_vma double reuse (CVE-2022-42703)
* use-after-free in bss_ref_get in net/wireless/scan.c (CVE-2022-42720)
* BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c
(CVE-2022-42721)
* Denial of service in beacon protection for P2P-device (CVE-2022-42722)
* memory corruption in usbmon driver (CVE-2022-43750)
* NULL pointer dereference in traffic control subsystem (CVE-2022-47929)
* NULL pointer dereference in rawv6_push_pending_frames (CVE-2023-0394)
* use-after-free caused by invalid pointer hostname in fs/cifs/connect.c
(CVE-2023-1195)
* Soft lockup occurred during __page_mapcount (CVE-2023-1582)
* slab-out-of-bounds read vulnerabilities in cbq_classify (CVE-2023-23454)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.8 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
2055499 - CVE-2022-25265 kernel: Executable Space Protection Bypass
2061703 - CVE-2021-26341 hw: cpu: AMD CPUs may transiently execute beyond unconditional direct branch
2078466 - CVE-2022-1462 kernel: possible race condition in drivers/tty/tty_buffers.c
2079311 - VMs hang after migration
2084125 - CVE-2022-1679 kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges
2085300 - CVE-2022-30594 kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option
2090723 - CVE-2022-1789 kernel: KVM: NULL pointer dereference in kvm_mmu_invpcid_gva
2108691 - CVE-2021-33655 kernel: malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory
2108696 - CVE-2021-33656 kernel: when setting font with malicious data by ioctl PIO_FONT, kernel will write memory out of bounds
2114937 - CVE-2022-20141 kernel: igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets
2116444 - kernel: Backport vfork support for time namespaces
2122228 - CVE-2022-3028 kernel: race condition in xfrm_probe_algs can lead to OOB read/write
2122960 - CVE-2022-41218 kernel: Report vmalloc UAF in dvb-core/dmxdev
2123056 - CVE-2022-2663 kernel: netfilter: nf_conntrack_irc message handling issue
2123854 - Backport kernel audit enhancements and fixes up to upstream v6.1
2124788 - CVE-2022-39189 kernel: TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning
2127985 - CVE-2022-3239 kernel: media: em28xx: initialize refcount before kref_get
2130141 - CVE-2022-39188 kernel: unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry
2131339 - CVE-2022-4269 kernel: net: CPU soft lockup in TC mirred egress-to-ingress action [rhel-8.8.0]
2131391 - fuse readdir cache sometimes corrupted
2133483 - CVE-2022-42703 kernel: use-after-free related to leaf anon_vma double reuse
2134377 - CVE-2022-41674 kernel: u8 overflow problem in cfg80211_update_notlisted_nontrans()
2134451 - CVE-2022-42720 kernel: use-after-free in bss_ref_get in net/wireless/scan.c
2134506 - CVE-2022-42721 kernel: BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c
2134517 - CVE-2022-42722 kernel: Denial of service in beacon protection for P2P-device
2134528 - CVE-2022-4129 kernel: l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference
2137979 - CVE-2022-3707 kernel: Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed
2139728 - [Azure][RHEL8] Live resize of disk does not trigger a rescan of the device capacity
2140163 - error 524 from seccomp(2) when trying to load filter
2143893 - CVE-2022-3566 kernel: data races around icsk->icsk_af_ops in do_ipv6_setsockopt
2143943 - CVE-2022-3567 kernel: data races around sk->sk_prot
2144720 - CVE-2022-3625 kernel: use-after-free after failed devlink reload in devlink_param_get
2150947 - CVE-2022-3524 kernel: memory leak in ipv6_renew_options()
2150960 - CVE-2022-3628 kernel: USB-accessible buffer overflow in brcmfmac
2150979 - CVE-2022-3522 kernel: race condition in hugetlb_no_page() in mm/hugetlb.c
2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c
2151270 - CVE-2022-43750 kernel: memory corruption in usbmon driver
2152133 - In FIPS mode, the kernel should reject SHA-224, SHA-384, SHA-512-224, and SHA-512-256 as hashes for hash-based DRBGs, or provide an indicator after 2023-05-16
2154171 - CVE-2023-1195 kernel: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c
2154235 - CVE-2022-3619 kernel: memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c
2154880 - [rhel8] LTP: read_all_sys - RIP: 0010:intel_rps_get_max_frequency+0x5/0x40 [i915]
2159969 - backport vsock fixes for RHEL-8.8
2160023 - CVE-2022-2196 kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks
2162120 - CVE-2023-0394 kernel: NULL pointer dereference in rawv6_push_pending_frames
2165721 - CVE-2022-3623 kernel: denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry
2166364 - NFS hang on large dirs with kernel 4.18.0-448.el8.x86_64
2168246 - CVE-2022-47929 kernel: NULL pointer dereference in traffic control subsystem
2168297 - CVE-2023-23454 kernel: slab-out-of-bounds read vulnerabilities in cbq_classify
2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets
2180936 - CVE-2023-1582 kernel: Soft lockup occurred during __page_mapcount
6. Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
kernel-4.18.0-477.10.1.el8_8.src.rpm
aarch64:
bpftool-4.18.0-477.10.1.el8_8.aarch64.rpm
bpftool-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm
kernel-4.18.0-477.10.1.el8_8.aarch64.rpm
kernel-core-4.18.0-477.10.1.el8_8.aarch64.rpm
kernel-cross-headers-4.18.0-477.10.1.el8_8.aarch64.rpm
kernel-debug-4.18.0-477.10.1.el8_8.aarch64.rpm
kernel-debug-core-4.18.0-477.10.1.el8_8.aarch64.rpm
kernel-debug-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm
kernel-debug-devel-4.18.0-477.10.1.el8_8.aarch64.rpm
kernel-debug-modules-4.18.0-477.10.1.el8_8.aarch64.rpm
kernel-debug-modules-extra-4.18.0-477.10.1.el8_8.aarch64.rpm
kernel-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-477.10.1.el8_8.aarch64.rpm
kernel-devel-4.18.0-477.10.1.el8_8.aarch64.rpm
kernel-headers-4.18.0-477.10.1.el8_8.aarch64.rpm
kernel-modules-4.18.0-477.10.1.el8_8.aarch64.rpm
kernel-modules-extra-4.18.0-477.10.1.el8_8.aarch64.rpm
kernel-tools-4.18.0-477.10.1.el8_8.aarch64.rpm
kernel-tools-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm
kernel-tools-libs-4.18.0-477.10.1.el8_8.aarch64.rpm
perf-4.18.0-477.10.1.el8_8.aarch64.rpm
perf-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm
python3-perf-4.18.0-477.10.1.el8_8.aarch64.rpm
python3-perf-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm
noarch:
kernel-abi-stablelists-4.18.0-477.10.1.el8_8.noarch.rpm
kernel-doc-4.18.0-477.10.1.el8_8.noarch.rpm
ppc64le:
bpftool-4.18.0-477.10.1.el8_8.ppc64le.rpm
bpftool-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm
kernel-4.18.0-477.10.1.el8_8.ppc64le.rpm
kernel-core-4.18.0-477.10.1.el8_8.ppc64le.rpm
kernel-cross-headers-4.18.0-477.10.1.el8_8.ppc64le.rpm
kernel-debug-4.18.0-477.10.1.el8_8.ppc64le.rpm
kernel-debug-core-4.18.0-477.10.1.el8_8.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm
kernel-debug-devel-4.18.0-477.10.1.el8_8.ppc64le.rpm
kernel-debug-modules-4.18.0-477.10.1.el8_8.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-477.10.1.el8_8.ppc64le.rpm
kernel-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-477.10.1.el8_8.ppc64le.rpm
kernel-devel-4.18.0-477.10.1.el8_8.ppc64le.rpm
kernel-headers-4.18.0-477.10.1.el8_8.ppc64le.rpm
kernel-modules-4.18.0-477.10.1.el8_8.ppc64le.rpm
kernel-modules-extra-4.18.0-477.10.1.el8_8.ppc64le.rpm
kernel-tools-4.18.0-477.10.1.el8_8.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm
kernel-tools-libs-4.18.0-477.10.1.el8_8.ppc64le.rpm
perf-4.18.0-477.10.1.el8_8.ppc64le.rpm
perf-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm
python3-perf-4.18.0-477.10.1.el8_8.ppc64le.rpm
python3-perf-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm
s390x:
bpftool-4.18.0-477.10.1.el8_8.s390x.rpm
bpftool-debuginfo-4.18.0-477.10.1.el8_8.s390x.rpm
kernel-4.18.0-477.10.1.el8_8.s390x.rpm
kernel-core-4.18.0-477.10.1.el8_8.s390x.rpm
kernel-cross-headers-4.18.0-477.10.1.el8_8.s390x.rpm
kernel-debug-4.18.0-477.10.1.el8_8.s390x.rpm
kernel-debug-core-4.18.0-477.10.1.el8_8.s390x.rpm
kernel-debug-debuginfo-4.18.0-477.10.1.el8_8.s390x.rpm
kernel-debug-devel-4.18.0-477.10.1.el8_8.s390x.rpm
kernel-debug-modules-4.18.0-477.10.1.el8_8.s390x.rpm
kernel-debug-modules-extra-4.18.0-477.10.1.el8_8.s390x.rpm
kernel-debuginfo-4.18.0-477.10.1.el8_8.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-477.10.1.el8_8.s390x.rpm
kernel-devel-4.18.0-477.10.1.el8_8.s390x.rpm
kernel-headers-4.18.0-477.10.1.el8_8.s390x.rpm
kernel-modules-4.18.0-477.10.1.el8_8.s390x.rpm
kernel-modules-extra-4.18.0-477.10.1.el8_8.s390x.rpm
kernel-tools-4.18.0-477.10.1.el8_8.s390x.rpm
kernel-tools-debuginfo-4.18.0-477.10.1.el8_8.s390x.rpm
kernel-zfcpdump-4.18.0-477.10.1.el8_8.s390x.rpm
kernel-zfcpdump-core-4.18.0-477.10.1.el8_8.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-477.10.1.el8_8.s390x.rpm
kernel-zfcpdump-devel-4.18.0-477.10.1.el8_8.s390x.rpm
kernel-zfcpdump-modules-4.18.0-477.10.1.el8_8.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-477.10.1.el8_8.s390x.rpm
perf-4.18.0-477.10.1.el8_8.s390x.rpm
perf-debuginfo-4.18.0-477.10.1.el8_8.s390x.rpm
python3-perf-4.18.0-477.10.1.el8_8.s390x.rpm
python3-perf-debuginfo-4.18.0-477.10.1.el8_8.s390x.rpm
x86_64:
bpftool-4.18.0-477.10.1.el8_8.x86_64.rpm
bpftool-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm
kernel-4.18.0-477.10.1.el8_8.x86_64.rpm
kernel-core-4.18.0-477.10.1.el8_8.x86_64.rpm
kernel-cross-headers-4.18.0-477.10.1.el8_8.x86_64.rpm
kernel-debug-4.18.0-477.10.1.el8_8.x86_64.rpm
kernel-debug-core-4.18.0-477.10.1.el8_8.x86_64.rpm
kernel-debug-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm
kernel-debug-devel-4.18.0-477.10.1.el8_8.x86_64.rpm
kernel-debug-modules-4.18.0-477.10.1.el8_8.x86_64.rpm
kernel-debug-modules-extra-4.18.0-477.10.1.el8_8.x86_64.rpm
kernel-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-477.10.1.el8_8.x86_64.rpm
kernel-devel-4.18.0-477.10.1.el8_8.x86_64.rpm
kernel-headers-4.18.0-477.10.1.el8_8.x86_64.rpm
kernel-modules-4.18.0-477.10.1.el8_8.x86_64.rpm
kernel-modules-extra-4.18.0-477.10.1.el8_8.x86_64.rpm
kernel-tools-4.18.0-477.10.1.el8_8.x86_64.rpm
kernel-tools-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm
kernel-tools-libs-4.18.0-477.10.1.el8_8.x86_64.rpm
perf-4.18.0-477.10.1.el8_8.x86_64.rpm
perf-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm
python3-perf-4.18.0-477.10.1.el8_8.x86_64.rpm
python3-perf-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 8):
aarch64:
bpftool-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm
kernel-debug-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm
kernel-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-477.10.1.el8_8.aarch64.rpm
kernel-tools-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm
kernel-tools-libs-devel-4.18.0-477.10.1.el8_8.aarch64.rpm
perf-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm
python3-perf-debuginfo-4.18.0-477.10.1.el8_8.aarch64.rpm
ppc64le:
bpftool-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm
kernel-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-477.10.1.el8_8.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-477.10.1.el8_8.ppc64le.rpm
perf-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm
python3-perf-debuginfo-4.18.0-477.10.1.el8_8.ppc64le.rpm
x86_64:
bpftool-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm
kernel-debug-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm
kernel-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-477.10.1.el8_8.x86_64.rpm
kernel-tools-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm
kernel-tools-libs-devel-4.18.0-477.10.1.el8_8.x86_64.rpm
perf-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm
python3-perf-debuginfo-4.18.0-477.10.1.el8_8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
. 8) - x86_64
3. Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.
Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.5.9 General
Availability release images, which fix security issues and update container
images.
Description:
Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images
Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix several bugs.
Bugs fixed (https://bugzilla.redhat.com/):
2208376 - CVE-2023-32314 vm2: Sandbox Escape
2208377 - CVE-2023-32313 vm2: Inspect Manipulation
5
| VAR-202207-1155 | CVE-2022-23142 | ZTE ZXEN CG200 firmware vulnerabilities |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
ZXEN CG200 has a DoS vulnerability. An attacker could construct and send a large number of HTTP GET requests in a short time, which can make the product management websites inaccessible. The ZTE ZXEN CG200 firmware contains unspecified vulnerabilities. Service operation may be interrupted (DoS). ZTE ZXEN CG200 is a government-enterprise gateway device of China ZTE Corporation (ZTE).
There is a denial of service vulnerability in ZXEN CG200 V1.0.0P1N5_M and previous versions, which is caused by improper processing of a large number of message requests.
| VAR-202207-1110 | CVE-2022-35404 | Input validation vulnerability in multiple Zoho Corporation products |
CVSS V2: - CVSS V3: 8.2 Severity: HIGH |
ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. Multiple Zoho Corporation products, including ManageEngine OpManager, ManageEngine Network Configuration Manager, and ManageEngine NetFlow Analyzer, contain an input validation vulnerability. Information may be tampered with and service operation may be interrupted (DoS).
| VAR-202207-1613 | CVE-2022-34027 | Vulnerability in Nginx NJS |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c. Nginx NJS contains an unspecified vulnerability. Service operation may be interrupted (DoS). Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by the Nginx company in the United States. njs is a scripting language component that supports extending NGINX functionality.
| VAR-202207-1303 | CVE-2022-34032 | Vulnerability in Nginx NJS |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. Nginx NJS contains an unspecified vulnerability. Service operation may be interrupted (DoS). Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by the Nginx company in the United States. njs is a scripting language component that supports extending NGINX functionality.
| VAR-202207-1223 | CVE-2022-35871 | Inductive Automation Ignition Access Control Error Vulnerability |
CVSS V2: 7.6 CVSS V3: 8.1 Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from the lack of authentication prior to allowing the execution of Python code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17206. Inductive Automation Ignition contains a missing authentication for critical function vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Inductive Automation Ignition is a comprehensive platform for industrial automation that provides scalable solutions for monitoring, control, data collection, and analysis.