CVE-2023-1077
https://notcve.org/view.php?id=CVE-2023-1077
In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption. • https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://security.netapp.com/advisory/ntap-20230511-0002 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2021-33060
https://notcve.org/view.php?id=CVE-2021-33060
Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Una escritura fuera de límites en el firmware de la BIOS para algunos procesadores Intel(R) puede permitir que un usuario autenticado permita potencialmente una escalada de privilegios por medio de acceso local. • https://security.netapp.com/advisory/ntap-20220930-0004 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00686.html • CWE-787: Out-of-bounds Write •
CVE-2022-36879 – kernel: xfrm_expand_policies() in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice
https://notcve.org/view.php?id=CVE-2022-36879
An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. Se ha detectado un problema en el kernel de Linux versiones hasta 5.18.14. la función xfrm_expand_policies en el archivo net/xfrm/xfrm_policy.c puede causar que un refcount sea descartado dos veces A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). An error while resolving policies in xfrm_bundle_lookup causes the refcount to drop twice, leading to a possible crash and a denial of service. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901 https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901 https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://security.netapp.com/advisory/ntap-20220901-0007 https://www.debian.org/security/2022/dsa-5207 https://access.redhat.com/security/cve/CVE-2022-36879 https://bugzilla.r • CWE-911: Improper Update of Reference Count •
CVE-2022-1434 – Incorrect MAC key used in the RC4-MD5 ciphersuite
https://notcve.org/view.php?id=CVE-2022-1434
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. • https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7d56a74a96828985db7354a55227a511615f732b https://security.netapp.com/advisory/ntap-20220602-0009 https://www.openssl.org/news/secadv/20220503.txt • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2022-1292 – The c_rehash script allows command injection
https://notcve.org/view.php?id=CVE-2022-1292
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). • https://github.com/alcaparra/CVE-2022-1292 https://github.com/li8u99/CVE-2022-1292 https://github.com/greek0x0/CVE-2022-1292 https://github.com/rama291041610/CVE-2022-1292 https://github.com/und3sc0n0c1d0/CVE-2022-1292 https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb https://git • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •