简介
Linux/Unix 主机上安装的一个或多个程序包存在漏洞,但供应商表示不会修补此漏洞。
描述
Linux/Unix 主机中安装的一个或多个程序包受到一个漏洞影响,而供应商没有提供补丁程序。
- 在 Linux 内核中,已解决以下漏洞: tracing: Fix potential double free in create_var_ref() In create_var_ref(), init_var_ref() is called to initialize the fields of variable ref_field, which is allocated in the previous function call to create_hist_field(). Function init_var_ref() allocates the corresponding fields such as ref_field->system, but frees these fields when the function encounters an error. The caller later calls destroy_hist_field() to conduct error handling, which frees the fields and the variable itself. This results in double free of the fields which are already freed in the previous function. Fix this by storing NULL to the corresponding fields when they are freed in init_var_ref(). (CVE-2022-49410)
请注意,Nessus 依赖供应商报告的程序包是否存在进行判断。
插件详情
文件名: unpatched_CVE_2022_49410.nasl
代理: unix
支持的传感器: Nessus Agent, Nessus
风险信息
矢量: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:C
矢量: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
时间矢量: CVSS:3.0/E:U/RL:O/RC:C
漏洞信息
必需的 KB 项: Host/local_checks_enabled, Host/cpu, global_settings/vendor_unpatched
易利用性: No known exploits are available