Linux 內核多個漏洞
最後更新
2024年08月22日
發佈日期:
2022年02月04日
969
觀看次數
風險: 中度風險
類型: 操作系統 - LINUX
於 Linux Kernel 發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、權限提升及洩露敏感資料。
注意:
CVE-2022-0185 漏洞正被廣泛利用。非特權本機使用者可以利用此漏洞開啟不支援檔案系統上下文 API 的檔案系統並在系統上執行權限升級。風險等級評定為中度風險。
[更新於 2024-08-22]
更新內容。
影響
- 阻斷服務
- 權限提升
- 資料洩露
受影響之系統或技術
- SUSE Linux Enterprise Live Patching 12-SP4
- SUSE Linux Enterprise Micro 5.0
- SUSE Linux Enterprise Micro 5.1
- SUSE Linux Enterprise Module for Live Patching 15-SP2
- SUSE Linux Enterprise Module for Live Patching 15-SP3
- SUSE Linux Enterprise Module for Realtime 15-SP2
- SUSE Linux Enterprise Module for Realtime 15-SP3
解決方案
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
- https://www.suse.com/support/update/announcement/2022/suse-su-20220288-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220289-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220293-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220291-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220292-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220296-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220298-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220295-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220241-1
漏洞識別碼
- CVE-2018-25020
- CVE-2020-3702
- CVE-2020-25670
- CVE-2020-25671
- CVE-2020-25672
- CVE-2020-25673
- CVE-2021-4028
- CVE-2021-4083
- CVE-2021-4135
- CVE-2021-4149
- CVE-2021-4154
- CVE-2021-4197
- CVE-2021-4202
- CVE-2021-23134
- CVE-2021-42739
- CVE-2021-44733
- CVE-2021-45485
- CVE-2021-45486
- CVE-2021-46283
- CVE-2022-0185
- CVE-2022-0322
資料來源
相關連結
- https://www.auscert.org.au/bulletins/ESB-2022.0459
- https://www.auscert.org.au/bulletins/ESB-2022.0458
- https://www.auscert.org.au/bulletins/ESB-2022.0430
- https://www.suse.com/support/update/announcement/2022/suse-su-20220288-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220289-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220293-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220291-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220292-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220296-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220298-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220295-1
- https://www.suse.com/support/update/announcement/2022/suse-su-20220241-1
- https://www.cisa.gov/news-events/alerts/2024/08/21/cisa-adds-four-known-exploited-vulnerabilities-catalog
分享至