Information Exposure Affecting kernel-debuginfo package, versions <0:4.14.287-215.504.amzn2
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-AMZN2-KERNELDEBUGINFO-2957026
- published 21 Jul 2022
- disclosed 5 Jul 2022
Introduced: 5 Jul 2022
CVE-2022-33741 Open this link in a new tabHow to fix?
Upgrade Amazon-Linux:2
kernel-debuginfo
to version 0:4.14.287-215.504.amzn2 or higher.
This issue was patched in ALAS2-2022-1825
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-debuginfo
package and not the kernel-debuginfo
package as distributed by Amazon-Linux
.
See How to fix?
for Amazon-Linux:2
relevant fixed versions and status.
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33741
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGFTRZ66KQYTSYIRT5FRHF5D6O72NWOP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/
- http://www.openwall.com/lists/oss-security/2022/07/05/6
- http://xenbits.xen.org/xsa/advisory-403.html
- https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGFTRZ66KQYTSYIRT5FRHF5D6O72NWOP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/
- https://www.debian.org/security/2022/dsa-5191
- https://xenbits.xenproject.org/xsa/advisory-403.txt