My Cloud OS 5 Firmware 5.22.113
WDC Tracking Number: WDC-22008
Published: May 18, 2022
Last Updated: May 18, 2022
Description
My Cloud OS 5 Firmware 5.22.113 includes updates to help improve the security of your My Cloud OS 5 devices.
To take advantage of the latest security fixes, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.
For more information on the latest security updates, see the release notes: https://os5releasenotes.mycloud.com/#/
Advisory Summary
A vulnerability in the Linux kernel’s cgroup_release_agent_write was addressed that could lead to escalation of privileges and bypass namespace isolation unexpectedly.
CVE Number: CVE-2022-0492
Addressed an integer overflow vulnerability in the GNU Multiple Arithmetic Library that could lead to a buffer overflow via crafted input.
CVE Number: CVE-2021-43618
Addressed an issue in OpenSSL that would make it possible to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing takes place before the certificate signature verification process, this could lead to a denial-of-service attack.
CVE Number: CVE-2022-0778