Detections
Analytics
Debian DSA-5096-1 : linux - security update
high Nessus Plugin ID 158761
Language:
Synopsis
The remote Debian host is missing one or more security-related updates.Description
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5096 advisory.Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2020-29374 Jann Horn of Google reported a flaw in Linux's virtual memory management. A parent and child process initially share all their memory, but when either writes to a shared page, the page is duplicated and unshared (copy-on-write). However, in case an operation such as vmsplice() required the kernel to take an additional reference to a shared page, and a copy-on-write occurs during this operation, the kernel might have accessed the wrong process's memory. For some programs, this could lead to an information leak or data corruption. This issue was already fixed for most architectures, but not on MIPS and System z. This update corrects that. CVE-2020-36322, CVE-2021-28950 The syzbot tool found that the FUSE (filesystem-in-user-space) implementation did not correctly handle a FUSE server returning invalid attributes for a file. A local user permitted to run a FUSE server could use this to cause a denial of service (crash). The original fix for this introduced a different potential denial of service (infinite loop in kernel space), which has also been fixed.
CVE-2021-3640 Lin Ma discovered a race condiiton in the Bluetooth protocol implementation that can lead to a use-after-free. A local user could exploit this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2021-3744, CVE-2021-3764 minihanshen reported bugs in the ccp driver for AMD Cryptographic Coprocessors that could lead to a resource leak. On systems using this driver, a local user could exploit this to cause a denial of service. CVE-2021-3752 Likang Luo of NSFOCUS Security Team discovered a flaw in the Bluetooth L2CAP implementation that can lead to a user-after-free.
A local user could exploit this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2021-3760, CVE-2021-4202 Lin Ma discovered race conditions in the NCI (NFC Controller Interface) driver, which could lead to a use-after-free. A local user could exploit this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. This driver is not enabled in Debian's official kernel configurations. CVE-2021-3772 A flaw was found in the SCTP protocol implementation, which would allow a networked attacker to break an SCTP association. The attacker would only need to know or guess the IP addresses and ports for the association. CVE-2021-4002 It was discovered that hugetlbfs, the virtual filesystem used by applications to allocate huge pages in RAM, did not flush the CPU's TLB in one case where it was necessary. In some circumstances a local user would be able to read and write huge pages after they are freed and reallocated to a different process. This could lead to privilege escalation, denial of service or information leaks. CVE-2021-4083 Jann Horn reported a race condition in the local (Unix) sockets garbage collector, that can lead to use-after-free. A local user could exploit this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2021-4135 A flaw was found in the netdevsim driver which would lead to an information leak. This driver is not enabled in Debian's official kernel configurations. CVE-2021-4155 Kirill Tkhai discovered a data leak in the way the XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for a size increase of files with unaligned size. A local attacker can take advantage of this flaw to leak data on the XFS filesystem. CVE-2021-4203 Jann Horn reported a race condition in the local (Unix) sockets implementation that can lead to a use-after-free. A local user could exploit this to leak sensitive information from the kernel. CVE-2021-20317 It was discovered that the timer queue structure could become corrupt, leading to waiting tasks never being woken up. A local user with certain privileges could exploit this to cause a denial of service (system hang). CVE-2021-20321 A race condition was discovered in the overlayfs filesystem driver. A local user with access to an overlayfs mount and to its underlying upper directory could exploit this for privilege escalation. CVE-2021-20322 An information leak was discovered in the IPv4 implementation. A remote attacker could exploit this to quickly discover which UDP ports a system is using, making it easier for them to carry out a DNS poisoning attack against that system.
CVE-2021-22600 The syzbot tool found a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user with CAP_NET_RAW capability (in any user namespace) could exploit this for denial of service (memory corruption or crash) or possibly for privilege escalation.
CVE-2021-28711, CVE-2021-28712, CVE-2021-28713 (XSA-391) Juergen Gross reported that malicious PV backends can cause a denial of service to guests being serviced by those backends via high frequency events, even if those backends are running in a less privileged environment. CVE-2021-28714, CVE-2021-28715 (XSA-392) Juergen Gross discovered that Xen guests can force the Linux netback driver to hog large amounts of kernel memory, resulting in denial of service. CVE-2021-38300 Piotr Krysiuk discovered a flaw in the classic BPF (cBPF) JIT compiler for MIPS architectures. A local user could exploit this to excute arbitrary code in the kernel. This issue is mitigated by setting sysctl net.core.bpf_jit_enable=0, which is the default. It is *not* mitigated by disabling unprivileged use of eBPF. CVE-2021-39685 Szymon Heidrich discovered a buffer overflow vulnerability in the USB gadget subsystem, resulting in information disclosure, denial of service or privilege escalation. CVE-2021-39686 A race condition was discovered in the Android binder driver, that could lead to incorrect security checks. On systems where the binder driver is loaded, a local user could exploit this for privilege escalation. CVE-2021-39698 Linus Torvalds reported a flaw in the file polling implementation, which could lead to a use-after-free. A local user could exploit this for denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2021-39713 The syzbot tool found a race condition in the network scheduling subsystem which could lead to a use-after- free. A local user could exploit this for denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2021-41864 An integer overflow was discovered in the Extended BPF (eBPF) subsystem. A local user could exploit this for denial of service (memory corruption or crash), or possibly for privilege escalation. This can be mitigated by setting sysctl kernel.unprivileged_bpf_disabled=1, which disables eBPF use by unprivileged users. CVE-2021-42739 A heap buffer overflow was discovered in the firedtv driver for FireWire-connected DVB receivers. A local user with access to a firedtv device could exploit this for denial of service (memory corruption or crash), or possibly for privilege escalation.
CVE-2021-43389 The Active Defense Lab of Venustech discovered a flaw in the CMTP subsystem as used by Bluetooth, which could lead to an out-of-bounds read and object type confusion. A local user with CAP_NET_ADMIN capability in the initial user namespace could exploit this for denial of service (memory corruption or crash), or possibly for privilege escalation. CVE-2021-43975 Brendan Dolan-Gavitt reported a flaw in the hw_atl_utils_fw_rpc_wait() function in the aQuantia AQtion ethernet device driver which can result in denial of service or the execution of arbitrary code. CVE-2021-43976 Zekun Shen and Brendan Dolan-Gavitt discovered a flaw in the mwifiex_usb_recv() function of the Marvell WiFi-Ex USB Driver. An attacker able to connect a crafted USB device can take advantage of this flaw to cause a denial of service. CVE-2021-44733 A race condition was discovered in the Trusted Execution Environment (TEE) subsystem for Arm processors, which could lead to a use-after-free. A local user permitted to access a TEE device could exploit this for denial of service (memory corruption or crash) or possibly for privilege escalation. CVE-2021-45095 It was discovered that the Phone Network protocol (PhoNet) driver has a reference count leak in the pep_sock_accept() function. CVE-2021-45469 Wenqing Liu reported an out-of- bounds memory access in the f2fs implementation if an inode has an invalid last xattr entry. An attacker able to mount a specially crafted image can take advantage of this flaw for denial of service.
CVE-2021-45480 A memory leak flaw was discovered in the __rds_conn_create() function in the RDS (Reliable Datagram Sockets) protocol subsystem. CVE-2022-0001 (INTEL-SA-00598) Researchers at VUSec discovered that the Branch History Buffer in Intel processors can be exploited to create information side channels with speculative execution. This issue is similar to Spectre variant 2, but requires additional mitigations on some processors. This can be exploited to obtain sensitive information from a different security context, such as from user-space to the kernel, or from a KVM guest to the kernel. CVE-2022-0002 (INTEL-SA-00598) This is a similar issue to CVE-2022-0001, but covers exploitation within a security context, such as from JIT-compiled code in a sandbox to hosting code in the same process. This can be partly mitigated by disabling eBPF for unprivileged users with the sysctl: kernel.unprivileged_bpf_disabled=2. This update does that by default. CVE-2022-0322 Eiichi Tsukata discovered a flaw in the sctp_make_strreset_req() function in the SCTP network protocol implementation which can result in denial of service. CVE-2022-0330 Sushma Venkatesh Reddy discovered a missing GPU TLB flush in the i915 driver, resulting in denial of service or privilege escalation. CVE-2022-0435 Samuel Page and Eric Dumazet reported a stack overflow in the networking module for the Transparent Inter-Process Communication (TIPC) protocol, resulting in denial of service or potentially the execution of arbitrary code. CVE-2022-0487 A use-after-free was discovered in the MOXART SD/MMC Host Controller support driver. This flaw does not impact the Debian binary packages as CONFIG_MMC_MOXART is not set. CVE-2022-0492 Yiqi Sun and Kevin Wang reported that the cgroup-v1 subsystem does not properly restrict access to the release-agent feature. A local user can take advantage of this flaw for privilege escalation and bypass of namespace isolation. CVE-2022-0617 butt3rflyh4ck discovered a NULL pointer dereference in the UDF filesystem. A local user that can mount a specially crafted UDF image can use this flaw to crash the system. CVE-2022-0644 Hao Sun reported a missing check for file read permission in the finit_module() and kexec_file_load() system calls. The security impact of this is unclear, since these system calls are usually only available to the root user. CVE-2022-22942 It was discovered that wrong file file descriptor handling in the VMware Virtual GPU driver (vmwgfx) could result in information leak or privilege escalation. CVE-2022-24448 Lyu Tao reported a flaw in the NFS implementation in the Linux kernel when handling requests to open a directory on a regular file, which could result in a information leak. CVE-2022-24959 A memory leak was discovered in the yam_siocdevprivate() function of the YAM driver for AX.25, which could result in denial of service.
CVE-2022-25258 Szymon Heidrich reported the USB Gadget subsystem lacks certain validation of interface OS descriptor requests, resulting in memory corruption. CVE-2022-25375 Szymon Heidrich reported that the RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command, resulting in information leak from kernel memory. For the oldstable distribution (buster), these problems have been fixed in version 4.19.232-1. This update additionally includes many more bug fixes from stable updates 4.19.209-4.19.232 inclusive. We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux
Tenable has extracted the preceding description block directly from the Debian security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade the linux packages.See Also
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988044
https://security-tracker.debian.org/tracker/source-package/linux
https://www.debian.org/security/2022/dsa-5096
https://packages.debian.org/source/buster/linux
https://security-tracker.debian.org/tracker/CVE-2020-29374
https://security-tracker.debian.org/tracker/CVE-2020-36322
https://security-tracker.debian.org/tracker/CVE-2021-3640
https://security-tracker.debian.org/tracker/CVE-2021-3744
https://security-tracker.debian.org/tracker/CVE-2021-3752
https://security-tracker.debian.org/tracker/CVE-2021-3760
https://security-tracker.debian.org/tracker/CVE-2021-3764
https://security-tracker.debian.org/tracker/CVE-2021-3772
https://security-tracker.debian.org/tracker/CVE-2021-4002
https://security-tracker.debian.org/tracker/CVE-2021-4083
https://security-tracker.debian.org/tracker/CVE-2021-4135
https://security-tracker.debian.org/tracker/CVE-2021-4155
https://security-tracker.debian.org/tracker/CVE-2021-4202
https://security-tracker.debian.org/tracker/CVE-2021-4203
https://security-tracker.debian.org/tracker/CVE-2021-20317
https://security-tracker.debian.org/tracker/CVE-2021-20321
https://security-tracker.debian.org/tracker/CVE-2021-20322
https://security-tracker.debian.org/tracker/CVE-2021-22600
https://security-tracker.debian.org/tracker/CVE-2021-28711
https://security-tracker.debian.org/tracker/CVE-2021-28712
https://security-tracker.debian.org/tracker/CVE-2021-28713
https://security-tracker.debian.org/tracker/CVE-2021-28714
https://security-tracker.debian.org/tracker/CVE-2021-28715
https://security-tracker.debian.org/tracker/CVE-2021-28950
https://security-tracker.debian.org/tracker/CVE-2021-38300
https://security-tracker.debian.org/tracker/CVE-2021-39685
https://security-tracker.debian.org/tracker/CVE-2021-39686
https://security-tracker.debian.org/tracker/CVE-2021-39698
https://security-tracker.debian.org/tracker/CVE-2021-39713
https://security-tracker.debian.org/tracker/CVE-2021-41864
https://security-tracker.debian.org/tracker/CVE-2021-42739
https://security-tracker.debian.org/tracker/CVE-2021-43389
https://security-tracker.debian.org/tracker/CVE-2021-43975
https://security-tracker.debian.org/tracker/CVE-2021-43976
https://security-tracker.debian.org/tracker/CVE-2021-44733
https://security-tracker.debian.org/tracker/CVE-2021-45095
https://security-tracker.debian.org/tracker/CVE-2021-45469
https://security-tracker.debian.org/tracker/CVE-2021-45480
https://security-tracker.debian.org/tracker/CVE-2022-0001
https://security-tracker.debian.org/tracker/CVE-2022-0002
https://security-tracker.debian.org/tracker/CVE-2022-0322
https://security-tracker.debian.org/tracker/CVE-2022-0330
https://security-tracker.debian.org/tracker/CVE-2022-0435
https://security-tracker.debian.org/tracker/CVE-2022-0487
https://security-tracker.debian.org/tracker/CVE-2022-0492
https://security-tracker.debian.org/tracker/CVE-2022-0617
https://security-tracker.debian.org/tracker/CVE-2022-22942
https://security-tracker.debian.org/tracker/CVE-2022-24448
https://security-tracker.debian.org/tracker/CVE-2022-24959
Plugin Details
Severity: High
ID: 158761
File Name: debian_DSA-5096.nasl
Version: 1.12
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 3/9/2022
Updated: 9/25/2025
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.4
CVSS v2
Risk Factor: High
Base Score: 9
Temporal Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2022-0435
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 8.4
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-common, p-cpe:/a:debian:debian_linux:libbpf4.19, p-cpe:/a:debian:debian_linux:libcpupower1, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-4kc-malta-dbg, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rpi, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-s390x, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-arm64, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-lpae, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-octeon, p-cpe:/a:debian:debian_linux:linux-libc-dev, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-arm64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-amd64, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-powerpc64le, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-armmp-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-arm64-unsigned, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-armmp, p-cpe:/a:debian:debian_linux:linux-image-arm64-signed-template, p-cpe:/a:debian:debian_linux:usbip, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-arm64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-armel, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-lpae-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-pae-unsigned, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-armmp-lpae, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-armhf, cpe:/o:debian:debian_linux:10.0, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-s390x, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-ppc64el, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-loongson-3, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-4kc-malta, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-686-pae-unsigned, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-cloud-amd64, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-unsigned, p-cpe:/a:debian:debian_linux:libcpupower-dev, p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-x86, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-powerpc64le, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rpi-dbg, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-686-pae, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-octeon-dbg, p-cpe:/a:debian:debian_linux:linux-doc-4.19, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-686-pae, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-loongson-3-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-marvell, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-loongson-3, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-amd64, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-mips64el, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-marvell-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-arm64-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-powerpc64le-dbg, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-i386, p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-s390, p-cpe:/a:debian:debian_linux:linux-image-i386-signed-template, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-mipsel, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-cloud-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-marvell, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-common-rt, p-cpe:/a:debian:debian_linux:linux-image-amd64-signed-template, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-pae-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-cloud-amd64-unsigned, p-cpe:/a:debian:debian_linux:linux-config-4.19, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-kbuild-4.19, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-5kc-malta, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rpi, p-cpe:/a:debian:debian_linux:libbpf-dev, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-5kc-malta-dbg, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-4kc-malta, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-amd64-unsigned, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-amd64, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-amd64-unsigned, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-s390x-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-686-pae-dbg, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-octeon, p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-arm, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-arm64-unsigned, p-cpe:/a:debian:debian_linux:hyperv-daemons, p-cpe:/a:debian:debian_linux:linux-cpupower, p-cpe:/a:debian:debian_linux:linux-perf-4.19, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-arm64-dbg, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-686, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-armmp, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-mips, p-cpe:/a:debian:debian_linux:linux-support-4.19.0-19, p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-s390x, p-cpe:/a:debian:debian_linux:linux-source-4.19, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-armmp, p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-5kc-malta
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/9/2022
Vulnerability Publication Date: 11/28/2020
CISA Known Exploited Vulnerability Due Dates: 5/2/2022
Exploitable With
Metasploit (vmwgfx Driver File Descriptor Handling Priv Esc)
Reference Information
CVE: CVE-2020-29374, CVE-2020-36322, CVE-2021-20317, CVE-2021-20321, CVE-2021-20322, CVE-2021-22600, CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-28950, CVE-2021-3640, CVE-2021-3744, CVE-2021-3752, CVE-2021-3760, CVE-2021-3764, CVE-2021-3772, CVE-2021-38300, CVE-2021-39685, CVE-2021-39686, CVE-2021-39698, CVE-2021-39713, CVE-2021-4002, CVE-2021-4083, CVE-2021-4135, CVE-2021-4155, CVE-2021-41864, CVE-2021-4202, CVE-2021-4203, CVE-2021-42739, CVE-2021-43389, CVE-2021-43975, CVE-2021-43976, CVE-2021-44733, CVE-2021-45095, CVE-2021-45469, CVE-2021-45480, CVE-2022-0001, CVE-2022-0002, CVE-2022-0322, CVE-2022-0330, CVE-2022-0435, CVE-2022-0487, CVE-2022-0492, CVE-2022-0617, CVE-2022-22942, CVE-2022-24448, CVE-2022-24959, CVE-2022-25258, CVE-2022-25375