owned this note
owned this note
Published
Linked with GitHub
# Flatcar Container Linux Release - November 16th, 2022
## Stable 3374.2.0
- AMD64-usr
- Platforms succeeded: ALl
- Platforms failed: None
- Platforms not tested: None
- ARM64-usr
- Platforms succeeded: All
- Platforms failed: None
- Platforms not tested: None
VERDICT: _GO_
## LTS 3033.3.7
- AMD64-usr
- Platforms succeeded: ALl
- Platforms failed: None
- Platforms not tested: None
- ARM64-usr
- Platforms succeeded: All
- Platforms failed: None
- Platforms not tested: None
VERDICT: _GO_
## Communication
---
#### Guidelines / Things to Remember
- Release notes are used in a PR and will appear on https://www.flatcar-linux.org/releases/
- [Announcement Message](#Announcement-Message) is posted in [Flatcar-Linux-user](https://groups.google.com/g/flatcar-linux-user). Make sure to post as “Flatcar Container Linux User”, not with your personal user (this can be selected when drafting the post).
---
### Announcement Message
Subject: Announcing new releases Stable 3374.2.0 and LTS-2022 3033.3.7
Hello,
We are pleased to announce new Flatcar Container Linux releases Stable 3374.2.0 and LTS-2022 3033.3.7.
# New **Stable** Release **3374.2.0**
_Changes since **Stable 3227.2.4**_
#### Security fixes:
- Linux ([CVE-2022-2308](https://nvd.nist.gov/vuln/detail/CVE-2022-2308), [CVE-2022-3621](https://nvd.nist.gov/vuln/detail/CVE-2022-3621), [CVE-2022-3646](https://nvd.nist.gov/vuln/detail/CVE-2022-3646), [CVE-2022-3649](https://nvd.nist.gov/vuln/detail/CVE-2022-3649), [CVE-2022-40768](https://nvd.nist.gov/vuln/detail/CVE-2022-40768), [CVE-2022-41674](https://nvd.nist.gov/vuln/detail/CVE-2022-41674), [CVE-2022-42719](https://nvd.nist.gov/vuln/detail/CVE-2022-42719), [CVE-2022-42720](https://nvd.nist.gov/vuln/detail/CVE-2022-42720), [CVE-2022-42721](https://nvd.nist.gov/vuln/detail/CVE-2022-42721), [CVE-2022-42722](https://nvd.nist.gov/vuln/detail/CVE-2022-42722), [CVE-2022-43750](https://nvd.nist.gov/vuln/detail/CVE-2022-43750))
- binutils ([CVE-2021-45078](https://nvd.nist.gov/vuln/detail/CVE-2021-45078))
- cifs-utils ([CVE-2022-27239](https://nvd.nist.gov/vuln/detail/CVE-2022-27239), [CVE-2022-29869](https://nvd.nist.gov/vuln/detail/CVE-2022-29869))
- curl ([CVE-2022-22576](https://nvd.nist.gov/vuln/detail/CVE-2022-22576), [CVE-2022-27774](https://nvd.nist.gov/vuln/detail/CVE-2022-27774), [CVE-2022-27775](https://nvd.nist.gov/vuln/detail/CVE-2022-27775), [CVE-2022-27776](https://nvd.nist.gov/vuln/detail/CVE-2022-27776), [CVE-2022-27778](https://nvd.nist.gov/vuln/detail/CVE-2022-27778), [CVE-2022-27779](https://nvd.nist.gov/vuln/detail/CVE-2022-27779), [CVE-2022-27780](https://nvd.nist.gov/vuln/detail/CVE-2022-27780), [CVE-2022-27781](https://nvd.nist.gov/vuln/detail/CVE-2022-27781), [CVE-2022-27782](https://nvd.nist.gov/vuln/detail/CVE-2022-27782), [CVE-2022-30115](https://nvd.nist.gov/vuln/detail/CVE-2022-30115), [CVE-2022-32205](https://nvd.nist.gov/vuln/detail/CVE-2022-32205), [CVE-2022-32206](https://nvd.nist.gov/vuln/detail/CVE-2022-32206), [CVE-2022-32207](https://nvd.nist.gov/vuln/detail/CVE-2022-32207), [CVE-2022-32208](https://nvd.nist.gov/vuln/detail/CVE-2022-32208))
- Docker ([CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526), [CVE-2022-36109](https://nvd.nist.gov/vuln/detail/CVE-2022-36109))
- git ([CVE-2022-24765](https://nvd.nist.gov/vuln/detail/CVE-2022-24765), [CVE-2022-29187](https://nvd.nist.gov/vuln/detail/CVE-2022-29187))
- GNU Libtasn1 ([Gentoo#866237](https://bugs.gentoo.org/866237))
- gnupg ([CVE-2022-34903](https://nvd.nist.gov/vuln/detail/CVE-2022-34903))
- gnutls ([CVE-2022-2509](https://nvd.nist.gov/vuln/detail/CVE-2022-2509))
- Go ([CVE-2022-1705](https://nvd.nist.gov/vuln/detail/CVE-2022-1705), [CVE-2022-1962](https://nvd.nist.gov/vuln/detail/CVE-2022-1962), [CVE-2022-27664](https://nvd.nist.gov/vuln/detail/CVE-2022-27664), [CVE-2022-28131](https://nvd.nist.gov/vuln/detail/CVE-2022-28131), [CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526), [CVE-2022-30630](https://nvd.nist.gov/vuln/detail/CVE-2022-30630), [CVE-2022-30631](https://nvd.nist.gov/vuln/detail/CVE-2022-30631), [CVE-2022-30632](https://nvd.nist.gov/vuln/detail/CVE-2022-30632), [CVE-2022-30633](https://nvd.nist.gov/vuln/detail/CVE-2022-30633), [CVE-2022-30635](https://nvd.nist.gov/vuln/detail/CVE-2022-30635), [CVE-2022-32148](https://nvd.nist.gov/vuln/detail/CVE-2022-32148), [CVE-2022-32190](https://nvd.nist.gov/vuln/detail/CVE-2022-32190))
- ignition ([CVE-2022-1706](https://nvd.nist.gov/vuln/detail/CVE-2022-1706))
- intel-microcode ([CVE-2022-21151](https://nvd.nist.gov/vuln/detail/CVE-2022-21151), [CVE-2022-21233](https://nvd.nist.gov/vuln/detail/CVE-2022-21233))
- libtirpc ([CVE-2021-46828](https://nvd.nist.gov/vuln/detail/CVE-2021-46828))
- libxml2 ([CVE-2016-3709](https://nvd.nist.gov/vuln/detail/CVE-2016-3709), [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309), [CVE-2022-29824](https://nvd.nist.gov/vuln/detail/CVE-2022-29824))
- ncurses ([CVE-2022-29458](https://nvd.nist.gov/vuln/detail/CVE-2022-29458))
- oniguruma ([oniguruma-20220430](https://bugs.gentoo.org/841893))
- openssl ([CVE-2022-1292](https://nvd.nist.gov/vuln/detail/CVE-2022-1292), [CVE-2022-1343](https://nvd.nist.gov/vuln/detail/CVE-2022-1343), [CVE-2022-1434](https://nvd.nist.gov/vuln/detail/CVE-2022-1434), [CVE-2022-1473](https://nvd.nist.gov/vuln/detail/CVE-2022-1473))
- polkit ([CVE-2021-4115](https://nvd.nist.gov/vuln/detail/CVE-2021-4115))
- rsync ([CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032), [CVE-2022-29154](https://nvd.nist.gov/vuln/detail/CVE-2022-29154))
- runc ([CVE-2022-29162](https://nvd.nist.gov/vuln/detail/CVE-2022-29162))
- shadow ([CVE-2013-4235](https://nvd.nist.gov/vuln/detail/CVE-2013-4235))
- unzip ([CVE-2022-0529](https://nvd.nist.gov/vuln/detail/CVE-2022-0529), [CVE-2022-0530](https://nvd.nist.gov/vuln/detail/CVE-2022-0530), [CVE-2021-4217](https://nvd.nist.gov/vuln/detail/CVE-2021-4217))
- vim ([CVE-2022-0629](https://nvd.nist.gov/vuln/detail/CVE-2022-0629), [CVE-2022-0685](https://nvd.nist.gov/vuln/detail/CVE-2022-0685), [CVE-2022-0714](https://nvd.nist.gov/vuln/detail/CVE-2022-0714), [CVE-2022-0729](https://nvd.nist.gov/vuln/detail/CVE-2022-0729), [CVE-2022-0943](https://nvd.nist.gov/vuln/detail/CVE-2022-0943), [CVE-2022-1154](https://nvd.nist.gov/vuln/detail/CVE-2022-1154), [CVE-2022-1160](https://nvd.nist.gov/vuln/detail/CVE-2022-1160), [CVE-2022-1381](https://nvd.nist.gov/vuln/detail/CVE-2022-1381), [CVE-2022-1420](https://nvd.nist.gov/vuln/detail/CVE-2022-1420), [CVE-2022-1616](https://nvd.nist.gov/vuln/detail/CVE-2022-1616), [CVE-2022-1619](https://nvd.nist.gov/vuln/detail/CVE-2022-1619), [CVE-2022-1620](https://nvd.nist.gov/vuln/detail/CVE-2022-1620), [CVE-2022-1621](https://nvd.nist.gov/vuln/detail/CVE-2022-1621), [CVE-2022-1629](https://nvd.nist.gov/vuln/detail/CVE-2022-1629), [CVE-2022-1674](https://nvd.nist.gov/vuln/detail/CVE-2022-1674), [CVE-2022-1733](https://nvd.nist.gov/vuln/detail/CVE-2022-1733), [CVE-2022-1735](https://nvd.nist.gov/vuln/detail/CVE-2022-1735), [CVE-2022-1769](https://nvd.nist.gov/vuln/detail/CVE-2022-1769), [CVE-2022-1771](https://nvd.nist.gov/vuln/detail/CVE-2022-1771), [CVE-2022-1785](https://nvd.nist.gov/vuln/detail/CVE-2022-1785), [CVE-2022-1796](https://nvd.nist.gov/vuln/detail/CVE-2022-1796), [CVE-2022-1897](https://nvd.nist.gov/vuln/detail/CVE-2022-1897), [CVE-2022-1898](https://nvd.nist.gov/vuln/detail/CVE-2022-1898), [CVE-2022-1886](https://nvd.nist.gov/vuln/detail/CVE-2022-1886), [CVE-2022-1851](https://nvd.nist.gov/vuln/detail/CVE-2022-1851), [CVE-2022-1927](https://nvd.nist.gov/vuln/detail/CVE-2022-1927), [CVE-2022-1942](https://nvd.nist.gov/vuln/detail/CVE-2022-1942), [CVE-2022-1968](https://nvd.nist.gov/vuln/detail/CVE-2022-1968), [CVE-2022-2000](https://nvd.nist.gov/vuln/detail/CVE-2022-2000))
- zlib ([CVE-2022-37434](https://nvd.nist.gov/vuln/detail/CVE-2022-37434))
- VMware: open-vm-tools ([CVE-2022-31676](https://nvd.nist.gov/vuln/detail/CVE-2022-31676))
- SDK: qemu ([CVE-2021-20203](https://nvd.nist.gov/vuln/detail/CVE-2021-20203), [CVE-2021-3713](https://nvd.nist.gov/vuln/detail/CVE-2021-3713), [CVE-2021-3930](https://nvd.nist.gov/vuln/detail/CVE-2021-3930), [CVE-2021-3947](https://nvd.nist.gov/vuln/detail/CVE-2021-3947), [CVE-2021-4145](https://nvd.nist.gov/vuln/detail/CVE-2021-4145), [CVE-2022-26353](https://nvd.nist.gov/vuln/detail/CVE-2022-26353), [CVE-2022-26354](https://nvd.nist.gov/vuln/detail/CVE-2022-26354))
#### Bug fixes:
- Fixed Ignition btrfs forced formatting for OEM partition ([coreos-overlay#2277](https://github.com/flatcar/coreos-overlay/pull/2277))
- Removed outdated LTS channel information printed on login ([init#75](https://github.com/flatcar-linux/init/pull/75))
#### Changes:
- Added efibootmgr binary to the image ([coreos-overlay#1955](https://github.com/flatcar-linux/coreos-overlay/pull/1955))
- Added symlink from `nc` to `ncat`. `-q` option is [not yet supported](https://github.com/nmap/nmap/issues/2422) ([flatcar#545](https://github.com/flatcar-linux/Flatcar/issues/545))
- flatcar-install: Added option to create UEFI boot entry ([init#74](https://github.com/flatcar-linux/init/pull/74))
- AWS: Added AWS IMDSv2 support to coreos-cloudinit ([flatcar-linux/coreos-cloudinit#13](https://github.com/flatcar-linux/coreos-cloudinit/pull/13))
- VMware: Added VMware networking configuration in the initramfs via guestinfo settings ([bootengine#44](https://github.com/flatcar-linux/bootengine/pull/44), [flatcar#717](https://github.com/flatcar-linux/Flatcar/issues/717))
- VMWare: Added `ignition-delete-config.service` to remove Ignition config from VM metadata, see also [here](https://coreos.github.io/ignition/operator-notes/#automatic-config-deletion) ([coreos-overlay#1948](https://github.com/flatcar-linux/coreos-overlay/pull/1948))
#### Updates:
- Linux ([5.15.74](https://lwn.net/Articles/911275) (includes ([5.15.73](https://lwn.net/Articles/910957), [5.15.72](https://lwn.net/Articles/910398). [5.15.71](https://lwn.net/Articles/909679)))
- Linux Firmware ([20220913](https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tag/?h=20220913))
- acpid ([2.0.33](https://sourceforge.net/p/acpid2/code/ci/2.0.33/tree/Changelog))
- adcli ([0.9.1](https://gitlab.freedesktop.org/realmd/adcli/-/releases#0.9.1))
- automake ([1.16.5](https://savannah.gnu.org/forum/forum.php?forum_id=10055))
- binutils ([2.38](https://lwn.net/Articles/884264/))
- bison ([3.8.2](https://lists.gnu.org/archive/html/bug-bison/2021-09/msg00056.html))
- boost ([1.79](https://www.boost.org/users/history/version_1_79_0.html))
- cifs-utils ([6.15](https://lists.samba.org/archive/samba-technical/2022-April/137335.html))
- containerd ([1.6.8](https://github.com/containerd/containerd/releases/tag/v1.6.8))
- curl ([7.84.0](https://github.com/curl/curl/releases/tag/curl-7_84_0))
- Cyrus SASL ([2.1.28](https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28))
- dbus ([1.12.22](https://gitlab.freedesktop.org/dbus/dbus/-/blob/177ab044bc87cbc4ded75d21b900795a6fefef76/NEWS))
- Docker ([20.10.18](https://docs.docker.com/engine/release-notes/#201018))
- e2fsprogs ([1.46.5](http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.5))
- gcc ([11.3.0](https://gcc.gnu.org/gcc-11/changes.html))
- gdb ([11.2](https://lists.gnu.org/archive/html/info-gnu/2022-01/msg00009.html))
- gdbm ([1.22](https://lists.gnu.org/archive/html/info-gnu/2021-10/msg00006.html))
- git ([2.35.3](https://github.com/git/git/blob/v2.35.3/Documentation/RelNotes/2.35.3.txt))
- glib ([2.72.3](https://gitlab.gnome.org/GNOME/glib/-/tags/2.73.3))
- GNU Libtasn1 ([4.19.0](https://lists.gnu.org/archive/html/help-libtasn1/2022-08/msg00001.html))
- gnupg ([2.2.35](https://dev.gnupg.org/T5928))
- gnutls ([3.7.7](https://gitlab.com/gnutls/gnutls/-/tags/3.7.7))
- Go ([1.18.6](https://go.dev/doc/devel/release#go1.18.6))
- ignition ([2.14.0](https://github.com/coreos/ignition/releases/tag/v2.14.0))
- intel-microcode ([20220809](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220809))
- ldb ([2.4.1](https://gitlab.com/samba-team/samba/-/commit/a795e0c84597aa045d011e663dbad3cdabf0f1e6))
- libtool ([2.4.7](https://savannah.gnu.org/forum/forum.php?forum_id=10139))
- libxml2 ([2.10.2](https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.2))
- ncurses ([6.3_p20220423](https://lists.gnu.org/archive/html/info-gnu/2021-11/msg00001.html))
- oniguruma ([6.9.8](https://github.com/kkos/oniguruma/releases/tag/v6.9.8))
- OpenSSL ([3.0.7](https://www.openssl.org/news/openssl-3.0-notes.html))
- perl ([5.34.1](https://perldoc.perl.org/5.34.1/perldelta))
- pkgconf ([1.8.0](https://gitea.treehouse.systems/ariadne/pkgconf/src/tag/pkgconf-1.8.0/NEWS))
- polkit ([121](https://gitlab.freedesktop.org/polkit/polkit/-/commit/827b0ddac5b1ef00a47fca4526fcf057bee5f1db))
- python ([3.9.12](https://www.python.org/downloads/release/python-3912/))
- rsync ([3.2.6](https://github.com/WayneD/rsync/releases/tag/v3.2.6))
- runc ([1.1.4](https://github.com/opencontainers/runc/releases/tag/v1.1.4))
- samba ([4.15.4](https://www.samba.org/samba/history/samba-4.15.4.html))
- shadow ([4.12.3](https://github.com/shadow-maint/shadow/releases/tag/4.12.3))
- sqlite ([3.38.1](https://www.sqlite.org/releaselog/3_38_1.html))
- sudo ([1.9.10](https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_10))
- talloc ([2.3.3](https://gitlab.com/samba-team/samba/-/commit/bc1ee7ca0640f0136e5af7dcc4ca8ed0a5893053))
- tevent ([0.11.0](https://gitlab.com/samba-team/samba/-/commit/de4e8a1af9564f6056f9af90867c2f013449051c))
- unzip ([6.0_p27](https://metadata.ftp-master.debian.org/changelogs//main/u/unzip/unzip_6.0-27_changelog))
- vim ([8.2.5066](https://github.com/vim/vim/releases/tag/v8.2.5066))
- OEM: distro ([1.7.0](https://github.com/python-distro/distro/releases/tag/v1.7.0))
- OEM: python ([3.9.12](https://www.python.org/downloads/release/python-3912/))
- VMware: open-vm-tools ([12.1.0](https://github.com/vmware/open-vm-tools/releases/tag/stable-12.1.0))
- SDK: libxslt ([1.1.35](https://gitlab.gnome.org/GNOME/libxslt/-/tags/v1.1.35))
- SDK: qemu ([7.0.0](https://wiki.qemu.org/ChangeLog/7.0))
- SDK: Rust ([1.63.0](https://github.com/rust-lang/rust/releases/tag/1.63.0))
_Changes since **Beta 3374.1.1**_
#### Bug fixes:
- Fixed Ignition btrfs forced formatting for OEM partition ([coreos-overlay#2277](https://github.com/flatcar/coreos-overlay/pull/2277))
#### Updates:
- OpenSSL ([3.0.7](https://www.openssl.org/news/openssl-3.0-notes.html))
# New **LTS-2022** Release **3033.3.7**
_Changes since **LTS 3033.3.6**_
#### Security fixes:
- Linux ([CVE-2021-4037](https://nvd.nist.gov/vuln/detail/CVE-2021-4037), [CVE-2022-0171](https://nvd.nist.gov/vuln/detail/CVE-2022-0171), [CVE-2022-2602](https://nvd.nist.gov/vuln/detail/CVE-2022-2602), [CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663), [CVE-2022-3061](https://nvd.nist.gov/vuln/detail/CVE-2022-3061), [CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303), [CVE-2022-3535](https://nvd.nist.gov/vuln/detail/CVE-2022-3535), [CVE-2022-3542](https://nvd.nist.gov/vuln/detail/CVE-2022-3542), [CVE-2022-3565](https://nvd.nist.gov/vuln/detail/CVE-2022-3565), [CVE-2022-3586](https://nvd.nist.gov/vuln/detail/CVE-2022-3586), [CVE-2022-3594](https://nvd.nist.gov/vuln/detail/CVE-2022-3594), [CVE-2022-3621](https://nvd.nist.gov/vuln/detail/CVE-2022-3621), [CVE-2022-3646](https://nvd.nist.gov/vuln/detail/CVE-2022-3646), [CVE-2022-3649](https://nvd.nist.gov/vuln/detail/CVE-2022-3649), [CVE-2022-39842](https://nvd.nist.gov/vuln/detail/CVE-2022-39842), [CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307), [CVE-2022-40768](https://nvd.nist.gov/vuln/detail/CVE-2022-40768), [CVE-2022-41674](https://nvd.nist.gov/vuln/detail/CVE-2022-41674), [CVE-2022-42719](https://nvd.nist.gov/vuln/detail/CVE-2022-42719), [CVE-2022-42720](https://nvd.nist.gov/vuln/detail/CVE-2022-42720), [CVE-2022-42721](https://nvd.nist.gov/vuln/detail/CVE-2022-42721), [CVE-2022-42722](https://nvd.nist.gov/vuln/detail/CVE-2022-42722), [CVE-2022-43750](https://nvd.nist.gov/vuln/detail/CVE-2022-43750))
#### Updates:
- Linux ([5.10.154](https://lwn.net/Articles/914423) (includes [5.10.153](https://lwn.net/Articles/913682) [5.10.152](https://lwn.net/Articles/913110), [5.10.151](https://lwn.net/Articles/912993), [5.10.150](https://lwn.net/Articles/912501), [5.10.149](https://lwn.net/Articles/911488), [5.10.148](https://lwn.net/Articles/911276), [5.10.147](https://lwn.net/Articles/910399), [5.10.146](https://lwn.net/Articles/909680), [5.10.145](https://lwn.net/Articles/909213), [5.10.144](https://lwn.net/Articles/908783), [5.10.143](https://lwn.net/Articles/908141)))
- ca-certificates ([3.84](https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_84.html))
Best,
The Flatcar Container Linux Maintainers
---
### Security
**Subject**: Security issues fixed with the Stable 3374.2.0, LTS-2022 3033.3.7 releases
**Security fix**: With the Stable 3374.2.0, LTS-2022 3033.3.7 releases we ship fixes for the CVEs listed below.
#### Stable 3374.2.0
* Docker
* [CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526) CVSSv3 score: 5.3(Medium)
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
* [CVE-2022-36109](https://nvd.nist.gov/vuln/detail/CVE-2022-36109) CVSSv3 score: n/a
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `"USER $USERNAME"` Dockerfile instruction. Instead by calling `ENTRYPOINT ["su", "-", "user"]` the supplementary groups will be set up properly.
* Go
* [CVE-2022-1705](https://nvd.nist.gov/vuln/detail/CVE-2022-1705) CVSSv3 score: 6.5(Medium)
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
* [CVE-2022-1962](https://nvd.nist.gov/vuln/detail/CVE-2022-1962) CVSSv3 score: 5.5(Medium)
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
* [CVE-2022-27664](https://nvd.nist.gov/vuln/detail/CVE-2022-27664) CVSSv3 score: 7.5(High)
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
* [CVE-2022-28131](https://nvd.nist.gov/vuln/detail/CVE-2022-28131) CVSSv3 score: 7.5(High)
In Decoder.Skip in encoding/xml in Go before 1.17.12 and 1.18.x before 1.18.4, stack exhaustion and a panic can occur via a deeply nested XML document.
* [CVE-2022-29526](https://nvd.nist.gov/vuln/detail/CVE-2022-29526) CVSSv3 score: 5.3(Medium)
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
* [CVE-2022-30630](https://nvd.nist.gov/vuln/detail/CVE-2022-30630) CVSSv3 score: 7.5(High)
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.
* [CVE-2022-30631](https://nvd.nist.gov/vuln/detail/CVE-2022-30631) CVSSv3 score: 7.5(High)
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.
* [CVE-2022-30632](https://nvd.nist.gov/vuln/detail/CVE-2022-30632) CVSSv3 score: 7.5(High)
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.
* [CVE-2022-30633](https://nvd.nist.gov/vuln/detail/CVE-2022-30633) CVSSv3 score: 7.5(High)
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.
* [CVE-2022-30635](https://nvd.nist.gov/vuln/detail/CVE-2022-30635) CVSSv3 score: 7.5(High)
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.
* [CVE-2022-32148](https://nvd.nist.gov/vuln/detail/CVE-2022-32148) CVSSv3 score: 6.5(Medium)
Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.
* [CVE-2022-32190](https://nvd.nist.gov/vuln/detail/CVE-2022-32190) CVSSv3 score: 7.5(High)
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result.
* Linux
* [CVE-2022-2308](https://nvd.nist.gov/vuln/detail/CVE-2022-2308) CVSSv3 score: 6.5(Medium)
A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers.
* [CVE-2022-3621](https://nvd.nist.gov/vuln/detail/CVE-2022-3621) CVSSv3 score: 7.5(High)
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.
* [CVE-2022-3646](https://nvd.nist.gov/vuln/detail/CVE-2022-3646) CVSSv3 score: 5.3(Medium)
A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.
* [CVE-2022-3649](https://nvd.nist.gov/vuln/detail/CVE-2022-3649) CVSSv3 score: 9.8(Critical)
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.
* [CVE-2022-40768](https://nvd.nist.gov/vuln/detail/CVE-2022-40768) CVSSv3 score: 5.5(Medium)
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
* [CVE-2022-41674](https://nvd.nist.gov/vuln/detail/CVE-2022-41674) CVSSv3 score: 8.1(High)
An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.
* [CVE-2022-42719](https://nvd.nist.gov/vuln/detail/CVE-2022-42719) CVSSv3 score: 8.8(High)
A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.
* [CVE-2022-42720](https://nvd.nist.gov/vuln/detail/CVE-2022-42720) CVSSv3 score: 7.8(High)
Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.
* [CVE-2022-42721](https://nvd.nist.gov/vuln/detail/CVE-2022-42721) CVSSv3 score: 5.5(Medium)
A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.
* [CVE-2022-42722](https://nvd.nist.gov/vuln/detail/CVE-2022-42722) CVSSv3 score: 5.5(Medium)
In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.
* [CVE-2022-43750](https://nvd.nist.gov/vuln/detail/CVE-2022-43750) CVSSv3 score: 7.8(High)
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.
* binutils
* [CVE-2021-45078](https://nvd.nist.gov/vuln/detail/CVE-2021-45078) CVSSv3 score: 7.8(High)
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.
* cifs-utils
* [CVE-2022-27239](https://nvd.nist.gov/vuln/detail/CVE-2022-27239) CVSSv3 score: 7.8(High)
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
* [CVE-2022-29869](https://nvd.nist.gov/vuln/detail/CVE-2022-29869) CVSSv3 score: 5.3(Medium)
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
* curl
* [CVE-2022-22576](https://nvd.nist.gov/vuln/detail/CVE-2022-22576) CVSSv3 score: 8.1(High)
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
* [CVE-2022-27774](https://nvd.nist.gov/vuln/detail/CVE-2022-27774) CVSSv3 score: 5.7(Medium)
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
* [CVE-2022-27775](https://nvd.nist.gov/vuln/detail/CVE-2022-27775) CVSSv3 score: 7.5(High)
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
* [CVE-2022-27776](https://nvd.nist.gov/vuln/detail/CVE-2022-27776) CVSSv3 score: 6.5(Medium)
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
* [CVE-2022-27778](https://nvd.nist.gov/vuln/detail/CVE-2022-27778) CVSSv3 score: 8.1(High)
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
* [CVE-2022-27779](https://nvd.nist.gov/vuln/detail/CVE-2022-27779) CVSSv3 score: 5.3(Medium)
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.
* [CVE-2022-27780](https://nvd.nist.gov/vuln/detail/CVE-2022-27780) CVSSv3 score: 7.5(High)
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.
* [CVE-2022-27781](https://nvd.nist.gov/vuln/detail/CVE-2022-27781) CVSSv3 score: 7.5(High)
libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.
* [CVE-2022-27782](https://nvd.nist.gov/vuln/detail/CVE-2022-27782) CVSSv3 score: 7.5(High)
libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.
* [CVE-2022-30115](https://nvd.nist.gov/vuln/detail/CVE-2022-30115) CVSSv3 score: 4.3(Medium)
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.
* [CVE-2022-32205](https://nvd.nist.gov/vuln/detail/CVE-2022-32205) CVSSv3 score: 4.3(Medium)
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.
* [CVE-2022-32206](https://nvd.nist.gov/vuln/detail/CVE-2022-32206) CVSSv3 score: 6.5(Medium)
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
* [CVE-2022-32207](https://nvd.nist.gov/vuln/detail/CVE-2022-32207) CVSSv3 score: 9.8(Critical)
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
* [CVE-2022-32208](https://nvd.nist.gov/vuln/detail/CVE-2022-32208) CVSSv3 score: 5.9(Medium)
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
* git
* [CVE-2022-24765](https://nvd.nist.gov/vuln/detail/CVE-2022-24765) CVSSv3 score: 7.8(High)
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.
* [CVE-2022-29187](https://nvd.nist.gov/vuln/detail/CVE-2022-29187) CVSSv3 score: n/a
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.
* gnupg
* [CVE-2022-34903](https://nvd.nist.gov/vuln/detail/CVE-2022-34903) CVSSv3 score: 6.5(Medium)
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
* gnutls
* [CVE-2022-2509](https://nvd.nist.gov/vuln/detail/CVE-2022-2509) CVSSv3 score: 7.5(High)
A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.
* ignition
* [CVE-2022-1706](https://nvd.nist.gov/vuln/detail/CVE-2022-1706) CVSSv3 score: 6.5(Medium)
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config.
* intel-microcode
* [CVE-2022-21151](https://nvd.nist.gov/vuln/detail/CVE-2022-21151) CVSSv3 score: 5.5(Medium)
Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
* [CVE-2022-21233](https://nvd.nist.gov/vuln/detail/CVE-2022-21233) CVSSv3 score: 5.5(Medium)
Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
* libtirpc
* [CVE-2021-46828](https://nvd.nist.gov/vuln/detail/CVE-2021-46828) CVSSv3 score: 7.5(High)
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.
* libxml2
* [CVE-2016-3709](https://nvd.nist.gov/vuln/detail/CVE-2016-3709) CVSSv3 score: 6.1(Medium)
Possible cross-site scripting vulnerability in libxml after commit 960f0e2.
* [CVE-2022-2309](https://nvd.nist.gov/vuln/detail/CVE-2022-2309) CVSSv3 score: 7.5(High)
NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.
* [CVE-2022-29824](https://nvd.nist.gov/vuln/detail/CVE-2022-29824) CVSSv3 score: 6.5(Medium)
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
* ncurses
* [CVE-2022-29458](https://nvd.nist.gov/vuln/detail/CVE-2022-29458) CVSSv3 score: 7.1(High)
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
* openssl
* [CVE-2022-1292](https://nvd.nist.gov/vuln/detail/CVE-2022-1292) CVSSv3 score: 9.8(Critical)
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).
* [CVE-2022-1343](https://nvd.nist.gov/vuln/detail/CVE-2022-1343) CVSSv3 score: 5.3(Medium)
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL "ocsp" application. When verifying an ocsp response with the "-no_cert_checks" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).
* [CVE-2022-1434](https://nvd.nist.gov/vuln/detail/CVE-2022-1434) CVSSv3 score: 5.9(Medium)
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an OpenSSL 3.0 endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete the handshake when using this ciphersuite. The confidentiality of data is not impacted by this issue, i.e. an attacker cannot decrypt data that has been encrypted using this ciphersuite - they can only modify it. In order for this attack to work both endpoints must legitimately negotiate the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in OpenSSL 3.0, and is not available within the default provider or the default ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the following must have occurred: 1) OpenSSL must have been compiled with the (non-default) compile time option enable-weak-ssl-ciphers 2) OpenSSL must have had the legacy provider explicitly loaded (either through application code or via configuration) 3) The ciphersuite must have been explicitly added to the ciphersuite list 4) The libssl security level must have been set to 0 (default is 1) 5) A version of SSL/TLS below TLSv1.3 must have been negotiated 6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any others that both endpoints have in common Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).
* [CVE-2022-1473](https://nvd.nist.gov/vuln/detail/CVE-2022-1473) CVSSv3 score: 7.5(High)
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).
* polkit
* [CVE-2021-4115](https://nvd.nist.gov/vuln/detail/CVE-2021-4115) CVSSv3 score: 5.5(Medium)
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned
* rsync
* [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032) CVSSv3 score: 7.5(High)
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
* [CVE-2022-29154](https://nvd.nist.gov/vuln/detail/CVE-2022-29154) CVSSv3 score: 7.4(High)
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).
* runc
* [CVE-2022-29162](https://nvd.nist.gov/vuln/detail/CVE-2022-29162) CVSSv3 score: 7.8(High)
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.
* shadow
* [CVE-2013-4235](https://nvd.nist.gov/vuln/detail/CVE-2013-4235) CVSSv3 score: 4.7(Medium)
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
* unzip
* [CVE-2022-0529](https://nvd.nist.gov/vuln/detail/CVE-2022-0529) CVSSv3 score: 5.5(Medium)
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
* [CVE-2022-0530](https://nvd.nist.gov/vuln/detail/CVE-2022-0530) CVSSv3 score: 5.5(Medium)
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
* [CVE-2021-4217](https://nvd.nist.gov/vuln/detail/CVE-2021-4217) CVSSv3 score: 7.8(High)
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
* vim
* [CVE-2022-0629](https://nvd.nist.gov/vuln/detail/CVE-2022-0629) CVSSv3 score: 7.8(High)
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-0685](https://nvd.nist.gov/vuln/detail/CVE-2022-0685) CVSSv3 score: 7.8(High)
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.
* [CVE-2022-0714](https://nvd.nist.gov/vuln/detail/CVE-2022-0714) CVSSv3 score: 5.5(Medium)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
* [CVE-2022-0729](https://nvd.nist.gov/vuln/detail/CVE-2022-0729) CVSSv3 score: 8.8(High)
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
* [CVE-2022-0943](https://nvd.nist.gov/vuln/detail/CVE-2022-0943) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
* [CVE-2022-1154](https://nvd.nist.gov/vuln/detail/CVE-2022-1154) CVSSv3 score: 7.8(High)
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
* [CVE-2022-1160](https://nvd.nist.gov/vuln/detail/CVE-2022-1160) CVSSv3 score: 7.8(High)
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
* [CVE-2022-1381](https://nvd.nist.gov/vuln/detail/CVE-2022-1381) CVSSv3 score: 7.8(High)
global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
* [CVE-2022-1420](https://nvd.nist.gov/vuln/detail/CVE-2022-1420) CVSSv3 score: 5.5(Medium)
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
* [CVE-2022-1616](https://nvd.nist.gov/vuln/detail/CVE-2022-1616) CVSSv3 score: 7.8(High)
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
* [CVE-2022-1619](https://nvd.nist.gov/vuln/detail/CVE-2022-1619) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution
* [CVE-2022-1620](https://nvd.nist.gov/vuln/detail/CVE-2022-1620) CVSSv3 score: 7.5(High)
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.
* [CVE-2022-1621](https://nvd.nist.gov/vuln/detail/CVE-2022-1621) CVSSv3 score: 7.8(High)
Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
* [CVE-2022-1629](https://nvd.nist.gov/vuln/detail/CVE-2022-1629) CVSSv3 score: 7.8(High)
Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution
* [CVE-2022-1674](https://nvd.nist.gov/vuln/detail/CVE-2022-1674) CVSSv3 score: 5.5(Medium)
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.
* [CVE-2022-1733](https://nvd.nist.gov/vuln/detail/CVE-2022-1733) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.
* [CVE-2022-1735](https://nvd.nist.gov/vuln/detail/CVE-2022-1735) CVSSv3 score: 7.8(High)
Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.
* [CVE-2022-1769](https://nvd.nist.gov/vuln/detail/CVE-2022-1769) CVSSv3 score: 7.8(High)
Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.
* [CVE-2022-1771](https://nvd.nist.gov/vuln/detail/CVE-2022-1771) CVSSv3 score: 5.5(Medium)
Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.
* [CVE-2022-1785](https://nvd.nist.gov/vuln/detail/CVE-2022-1785) CVSSv3 score: 7.8(High)
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.
* [CVE-2022-1796](https://nvd.nist.gov/vuln/detail/CVE-2022-1796) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 8.2.4979.
* [CVE-2022-1897](https://nvd.nist.gov/vuln/detail/CVE-2022-1897) CVSSv3 score: 7.8(High)
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-1898](https://nvd.nist.gov/vuln/detail/CVE-2022-1898) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-1886](https://nvd.nist.gov/vuln/detail/CVE-2022-1886) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-1851](https://nvd.nist.gov/vuln/detail/CVE-2022-1851) CVSSv3 score: 7.8(High)
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-1927](https://nvd.nist.gov/vuln/detail/CVE-2022-1927) CVSSv3 score: 7.8(High)
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-1942](https://nvd.nist.gov/vuln/detail/CVE-2022-1942) CVSSv3 score: 7.8(High)
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-1968](https://nvd.nist.gov/vuln/detail/CVE-2022-1968) CVSSv3 score: 7.8(High)
Use After Free in GitHub repository vim/vim prior to 8.2.
* [CVE-2022-2000](https://nvd.nist.gov/vuln/detail/CVE-2022-2000) CVSSv3 score: 7.8(High)
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
* zlib
* [CVE-2022-37434](https://nvd.nist.gov/vuln/detail/CVE-2022-37434) CVSSv3 score: 9.8(Critical)
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
* VMware: open-vm-tools
* [CVE-2022-31676](https://nvd.nist.gov/vuln/detail/CVE-2022-31676) CVSSv3 score: 7.8(High)
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.
* SDK: qemu
* [CVE-2021-20203](https://nvd.nist.gov/vuln/detail/CVE-2021-20203) CVSSv3 score: 3.2(Low)
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
* [CVE-2021-3713](https://nvd.nist.gov/vuln/detail/CVE-2021-3713) CVSSv3 score: 7.4(High)
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields. A malicious guest user could use this flaw to crash QEMU or potentially achieve code execution with the privileges of the QEMU process on the host.
* [CVE-2021-3930](https://nvd.nist.gov/vuln/detail/CVE-2021-3930) CVSSv3 score: 6.5(Medium)
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.
* [CVE-2021-3947](https://nvd.nist.gov/vuln/detail/CVE-2021-3947) CVSSv3 score: 5.5(Medium)
A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information.
* [CVE-2021-4145](https://nvd.nist.gov/vuln/detail/CVE-2021-4145) CVSSv3 score: 6.5(Medium)
A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node.
* [CVE-2022-26353](https://nvd.nist.gov/vuln/detail/CVE-2022-26353) CVSSv3 score: 7.5(High)
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
* [CVE-2022-26354](https://nvd.nist.gov/vuln/detail/CVE-2022-26354) CVSSv3 score: 3.2(Low)
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
### LTS-2022 3033.3.7
* Linux
* [CVE-2021-4037](https://nvd.nist.gov/vuln/detail/CVE-2021-4037) CVSSv3 score: 7.8(High)
A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.
* [CVE-2022-0171](https://nvd.nist.gov/vuln/detail/CVE-2022-0171) CVSSv3 score: 5.5(Medium)
A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).
* [CVE-2022-2602](https://nvd.nist.gov/vuln/detail/CVE-2022-2602) CVSSv3 score: n/a
* [CVE-2022-2663](https://nvd.nist.gov/vuln/detail/CVE-2022-2663) CVSSv3 score: 5.3(Medium)
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.
* [CVE-2022-3061](https://nvd.nist.gov/vuln/detail/CVE-2022-3061) CVSSv3 score: 5.5(Medium)
Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error.
* [CVE-2022-3303](https://nvd.nist.gov/vuln/detail/CVE-2022-3303) CVSSv3 score: 4.7(Medium)
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition
* [CVE-2022-3535](https://nvd.nist.gov/vuln/detail/CVE-2022-3535) CVSSv3 score: n/a
A vulnerability classified as problematic was found in Linux Kernel. Affected by this vulnerability is the function mvpp2_dbgfs_port_init of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c of the component mvpp2. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier VDB-211033 was assigned to this vulnerability.
* [CVE-2022-3542](https://nvd.nist.gov/vuln/detail/CVE-2022-3542) CVSSv3 score: 5.5(Medium)
A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function bnx2x_tpa_stop of the file drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211042 is the identifier assigned to this vulnerability.
* [CVE-2022-3565](https://nvd.nist.gov/vuln/detail/CVE-2022-3565) CVSSv3 score: 8(High)
A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.
* [CVE-2022-3586](https://nvd.nist.gov/vuln/detail/CVE-2022-3586) CVSSv3 score: 5.5(Medium)
A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.
* [CVE-2022-3594](https://nvd.nist.gov/vuln/detail/CVE-2022-3594) CVSSv3 score: 7.5(High)
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.
* [CVE-2022-3621](https://nvd.nist.gov/vuln/detail/CVE-2022-3621) CVSSv3 score: 7.5(High)
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.
* [CVE-2022-3646](https://nvd.nist.gov/vuln/detail/CVE-2022-3646) CVSSv3 score: 5.3(Medium)
A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.
* [CVE-2022-3649](https://nvd.nist.gov/vuln/detail/CVE-2022-3649) CVSSv3 score: 9.8(Critical)
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.
* [CVE-2022-39842](https://nvd.nist.gov/vuln/detail/CVE-2022-39842) CVSSv3 score: 6.1(Medium)
An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur.
* [CVE-2022-40307](https://nvd.nist.gov/vuln/detail/CVE-2022-40307) CVSSv3 score: 4.7(Medium)
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.
* [CVE-2022-40768](https://nvd.nist.gov/vuln/detail/CVE-2022-40768) CVSSv3 score: 5.5(Medium)
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
* [CVE-2022-41674](https://nvd.nist.gov/vuln/detail/CVE-2022-41674) CVSSv3 score: 8.1(High)
An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.
* [CVE-2022-42719](https://nvd.nist.gov/vuln/detail/CVE-2022-42719) CVSSv3 score: 8.8(High)
A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.
* [CVE-2022-42720](https://nvd.nist.gov/vuln/detail/CVE-2022-42720) CVSSv3 score: 7.8(High)
Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.
* [CVE-2022-42721](https://nvd.nist.gov/vuln/detail/CVE-2022-42721) CVSSv3 score: 5.5(Medium)
A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.
* [CVE-2022-42722](https://nvd.nist.gov/vuln/detail/CVE-2022-42722) CVSSv3 score: 5.5(Medium)
In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.
* [CVE-2022-43750](https://nvd.nist.gov/vuln/detail/CVE-2022-43750) CVSSv3 score: 7.8(High)
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.
---
### Communication
#### Go/No-Go message for Matrix/Slack
Go/No-Go Meeting for Stable 3374.2.0, LTS-2022 3033.3.7
Pre-view images are available in https://bincache.flatcar-linux.net/images/amd64/$VERSION/
Tracking issue: https://github.com/flatcar/Flatcar/issues/899
The Go/No-Go document is in our HackMD @flatcar namespace
Link: https://hackmd.io/a9O92JFuSjOeE740U5Kb7A?view
Please give your Go/No-Go vote with 💚 for Go, ❌ for No-Go, and ✋ for Wait.
Contributors & community feel free to put your suggestions, thoughts or comments on the document or here in the chat.
@MAINTAINER @MAINTAINER @MAINTAINER
#### Twitter
_The tweet (from [@flatcar](https://twitter.com/flatcar)) goes out after the changelog update has been published; it includes a link to the web changelog._
New Flatcar Stable, LTS-2022 releases now available!
📦 Many package updates for Stable: Linux, curl and others
🔒 CVE fixes & security patches: Linux, git, Go and others
📜 Release notes at the usual spot: https://www.flatcar.org/releases/
#### Kubernetes Slack
_This goes in the #flatcar channel_
Please welcome the new Flatcar releases:
- Stable 3374.2.0 (new major)
- LTS-2022 3033.3.7 (maintenance release)
These releases include:
📦 Many package updates for Stable: Linux, curl and others
🔒 CVE fixes & security patches: Linux, git, Go and others
📜 Release notes in usual spot: https://www.flatcar.org/releases/