SB20230118102 - Multiple vulnerabilities in Oracle Linux

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20230118102

SB20230118102 - Multiple vulnerabilities in Oracle Linux

Published: January 18, 2023 Updated: February 14, 2023

Security Bulletin ID SB20230118102
Severity
Critical
Patch available
YES
Number of vulnerabilities 44
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Critical 2% High 11% Medium 32% Low 55%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 44 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2022-0235)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the application follows the "Location" HTTP header redirect and passes authorization cookie to a third-party resource. A remote attacker can gain access to sensitive information.


2) Out-of-bounds read (CVE-ID: CVE-2022-42011)

The vulnerability allows a local user to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error caused by an invalid array of fixed-length elements where the length of the array is not a multiple of the length of the element. A local user can trigger an out-of-bounds read and gain access to sensitive information.


3) Use-after-free (CVE-ID: CVE-2022-42012)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error caused by a message in non-native endianness with out-of-band Unix file descriptors. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

4) Double Free (CVE-ID: CVE-2022-2519)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the rotateImage() function in tiffcrop.c. A remote attacker can pass a specially crafted file to the application, trigger a double free and perform a denial of service (DoS) attack.

5) Reachable Assertion (CVE-ID: CVE-2022-2520)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the rotateImage() function in tiffcrop.c. A remote attacker can pass a specially crafted file to the application, trigger assertion failure and perform a denial of service (DoS) attack.


6) Release of invalid pointer or reference (CVE-ID: CVE-2022-2521)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an invalid pointer free operation within the TIFFClose() function in tif_close.c. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.

7) Out-of-bounds read (CVE-ID: CVE-2022-4144)

The vulnerability allows a malicious guest user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the qxl_phys2virt() function in the QXL display device emulation in QEMU. A malicious guest user can trigger an out-of-bounds read error and crash the QEMU process on the host


8) Out-of-bounds write (CVE-ID: CVE-2022-2601)

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists due to a boundary error within the grub_font_construct_glyph() function when handling pf2 font. An attacker with physical access to the affected system can trigger an out-of-bounds write and bypass secure boot restrictions.


9) Out-of-bounds write (CVE-ID: CVE-2022-3775)

The vulnerability allows an attacker to crash the system.

The vulnerability exists due to a boundary error when rendering certain unicode sequences in grub2 font code. An attacker with physical access to device can trigger an out-of-bounds write and perform a denial of service (DoS) attack.


10) Off-by-one (CVE-ID: CVE-2021-46848)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an ETYPE_OK off-by-one error in asn1_encode_simple_der in Libtasn1. A remote attacker can pass specially crafted data to the application, trigger an off-by-one error and perform a denial of service (DoS) attack.


11) Improper Validation of Array Index (CVE-ID: CVE-2022-35737)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when handling an overly large input passed as argument to a C API. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


12) Integer underflow (CVE-ID: CVE-2022-2867)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer underflow within the tiffcrop utility. A remote attacker can pass a specially crafted file to the affected application, trigger an integer underflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


13) Out-of-bounds read (CVE-ID: CVE-2022-2868)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the tiffcrop utility. A remote attacker can pass a specially crafted file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.


14) Integer underflow (CVE-ID: CVE-2022-2869)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer underflow within the extractContigSamples8bits routine in the tiffcrop utility. A remote attacker can pass  a specially crafted file to the affected application, trigger an integer underflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


15) Out-of-bounds read (CVE-ID: CVE-2022-2953)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the extractImageSection() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

16) Off-by-one (CVE-ID: CVE-2022-3821)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the format_timespan() function in time-util.c. A local user can trigger an off-by-one error and perform a denial of service (DoS) attack.



17) Access of Uninitialized Pointer (CVE-ID: CVE-2022-42895)

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to unauthorized access of uninitialized pointer within the l2cap_parse_conf_req() function in net/bluetooth/l2cap_core.c. An attacker with physical proximity to the affected device can gain access to sensitive information.


18) Division by zero (CVE-ID: CVE-2022-2056)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error when parsing TIFF files in tiffcrop. A remote attacker can trick the victim to open a specially crafted file and crash the affected application.


19) Division by zero (CVE-ID: CVE-2022-2057)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error when parsing TIFF files in tiffcrop. A remote attacker can trick the victim to open a specially crafted file and crash the affected application.

20) Division by zero (CVE-ID: CVE-2022-2058)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error when parsing TIFF files in tiffcrop. A remote attacker can trick the victim to open a specially crafted file and crash the affected application.


21) Reachable Assertion (CVE-ID: CVE-2022-42010)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in debug builds caused by a syntactically invalid type signature with incorrectly nested parentheses and curly brackets. A local user can perform a denial of service (DoS) attack.


22) Use-after-free (CVE-ID: CVE-2022-42896)

The vulnerability allows an attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the l2cap_connect() and l2cap_le_connect_req() function in net/bluetooth/l2cap_core.c. An attacker with physical proximity to the affected device can trigger a use-after-free error and execute arbitrary code on the system.



23) Stack-based buffer overflow (CVE-ID: CVE-2022-46340)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error  within the swap handler for the XTestFakeInput request of the XTest extension if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. A local user can trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.



24) Resource exhaustion (CVE-ID: CVE-2021-44906)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.


25) Out-of-bounds read (CVE-ID: CVE-2022-46341)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling XIPassiveUngrab requests. A local user can trigger an out-of-bounds read error and read contents of memory on the system.


26) Use-after-free (CVE-ID: CVE-2022-46342)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error when handling XvdiSelectVideoNotify requests. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.



27) Use-after-free (CVE-ID: CVE-2022-46343)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error when handling ScreenSaverSetAttributes requests. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.




28) Out-of-bounds read (CVE-ID: CVE-2022-46344)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling XIChangeProperty requests. A local user can trigger an out-of-bounds read error and read contents of memory on the system.


29) Type Confusion (CVE-ID: CVE-2022-42856)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.


30) Resource management error (CVE-ID: CVE-2022-2132)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the copy_desc_to_mbuf() function when processing Vhost header. A remote guest can send a packet with the Vhost header crossing more than two descriptors and force application to allocate all available mbufs, causing a denial of service condition for the other guest running on the hypervisor.


31) Integer overflow (CVE-ID: CVE-2022-40303)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in parse.c when processing content when XML_PARSE_HUGE is set. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


32) Resource management error (CVE-ID: CVE-2022-40304)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in entities.c due to the way libxml2 handles reference cycles. The library does not anticipate that entity content can be allocated from a dict and clears it upon reference cycle detection by setting its first byte to zero. This can lead to memory corruption  issues, such as double free errors and result in a denial of service.


33) Out-of-bounds write (CVE-ID: CVE-2022-42920)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input within the API. A remote attacker can create a specially crafted request to the affected application, trigger an out-of-bounds write and execute arbitrary code on the target system.


34) Stack-based buffer overflow (CVE-ID: CVE-2022-4378)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the __do_proc_dointvec() function. A local user can trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.


35) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-2625)

The vulnerability allows a remote user to escalate privileges within the database.

The vulnerability exists due to extension scripts can replace objects that do not belong to the extension when using the CREATE OR REPLACE or CREATE IF NOT EXISTS commands. A remote user with (1) permissions to create non-temporary objects in at least one schema, (2) ability to lure or wait for an administrator to create or update an affected extension in that schema, and (3) ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS can run arbitrary code as the victim role.


36) Out-of-bounds write (CVE-ID: CVE-2022-2964)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.


37) Buffer overflow (CVE-ID: CVE-2022-4139)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the i915 kernel driver on Linux kernel. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.



38) Use-after-free (CVE-ID: CVE-2022-4283)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error when handling XkbCopyNames requests. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

39) Incorrect authorization (CVE-ID: CVE-2019-25058)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to unspecified error within the usbguard-dbus daemon. A local user can allow all USB devices to be connected in the future.


40) Input validation error (CVE-ID: CVE-2023-21538)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in .NET. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


41) Use-after-free (CVE-ID: CVE-2022-43680)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.


42) Prototype pollution (CVE-ID: CVE-2022-24999)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted request and perform a denial of service (DoS) attack.



43) Incorrect Regular Expression (CVE-ID: CVE-2022-3517)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.


44) Reliance on Reverse DNS Resolution for a Security-Critical Action (CVE-ID: CVE-2022-43548)

The vulnerability allows a remote attacker to perform DNS rebinding attacks.

The vulnerability exists due to improper validation of octal IP address within the Node.js rebinding protector for --inspec. A remote attacker can resolve the invalid octal address via DNS. When combined with an active --inspect session, such as when using VSCode, an attacker can perform DNS rebinding and execute arbitrary code in client's browser.


Remediation

Install update from vendor's website.

References