CVSS: 8.4EPSS: 0%CPEs: 20EXPL: 7CVE-2022-0185 – Linux Kernel Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2022-0185
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system. Se ha encontrado un fallo de desbordamiento de búfer en la región heap de la memoria en la forma en que la función legacy_parse_param de la funcionalidad Filesystem Context del kernel de Linux verifica la longitud de los parámetros suministrados. Un usuario local no privilegiado (en caso de tener habilitados los espacios de nombres de usuario no privilegiado, de lo contrario necesita el privilegio CAP_SYS_ADMIN) capaz de abrir un sistema de archivos que no soporta la API Filesystem Context (y por lo tanto los fallbacks a la administración de legado) podría usar este fallo para escalar sus privilegios en el sistema Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges. • https://github.com/Crusaders-of-Rust/CVE-2022-0185 https://github.com/chenaotian/CVE-2022-0185 https://github.com/veritas501/CVE-2022-0185-PipeVersion https://github.com/featherL/CVE-2022-0185-exploit https://github.com/dcheng69/CVE-2022-0185-Case-Study https://github.com/khaclep007/CVE-2022-0185 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2 https://security.netapp.com/advisory/ntap-20220225-0003 https://www.openwall.com/lists/o • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 4CVE-2022-23222 – kernel: local privileges escalation in kernel/bpf/verifier.c
https://notcve.org/view.php?id=CVE-2022-23222
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. El archivo kernel/bpf/verifier.c en el kernel de Linux versiones hasta 5.15.14, permite a usuarios locales alcanzar privilegios debido a una disponibilidad de la aritmética de punteros por medio de determinados tipos de punteros *_OR_NULL A flaw was found in the Linux kernel's adjust_ptr_min_max_vals in the kernel/bpf/verifier.c function. In this flaw, a missing sanity check for *_OR_NULL pointer types that perform pointer arithmetic may cause a kernel information leak issue. • https://github.com/tr3ee/CVE-2022-23222 https://github.com/PenteraIO/CVE-2022-23222-POC https://github.com/FridayOrtiz/CVE-2022-23222 http://www.openwall.com/lists/oss-security/2022/01/14/1 http://www.openwall.com/lists/oss-security/2022/01/18/2 http://www.openwall.com/lists/oss-security/2022/06/01/1 http://www.openwall.com/lists/oss-security/2022/06/04/3 http://www.openwall.com/lists/oss-security/2022/06/07/3 https://bugzilla.suse.com/show_ • CWE-476: NULL Pointer Dereference CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.1EPSS: 0%CPEs: 19EXPL: 0CVE-2021-4090
https://notcve.org/view.php?id=CVE-2021-4090
An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local attacker with user privilege may gain access to out-of-bounds memory, leading to a system integrity and confidentiality threat. Se encontró un fallo de escritura en memoria fuera de límites (OOB) en el NFSD del kernel de Linux. Una falta de saneo puede conllevar a una escritura más allá de bmval[bmlen-1] en nfsd4_decode_bitmap4 en el archivo fs/nfsd/nfs4xdr.c. • https://bugzilla.redhat.com/show_bug.cgi?id=2025101 https://lore.kernel.org/linux-nfs/163692036074.16710.5678362976688977923.stgit%40klimt.1015granger.net https://security.netapp.com/advisory/ntap-20220318-0010 • CWE-787: Out-of-bounds Write •
CVSS: 7.4EPSS: 0%CPEs: 33EXPL: 0CVE-2021-4083 – kernel: fget: check that the fd still exists after getting a ref to it
https://notcve.org/view.php?id=CVE-2021-4083
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4. Se ha encontrado un fallo de lectura de memoria previamente liberada en la recolección de basura del kernel de Linux para los manejadores de archivos de socket de dominio Unix en la forma en que los usuarios llaman a close() y fget() simultáneamente y puede potencialmente desencadenar una condición de carrera. Este fallo permite a un usuario local bloquear el sistema o escalar sus privilegios en el sistema. • https://bugzilla.redhat.com/show_bug.cgi?id=2029923 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=054aa8d439b9 https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://security.netapp.com/advisory/ntap-20220217-0005 https://www.debian.org/security/2022/dsa-5096 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-202 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 44EXPL: 0CVE-2021-45485 – kernel: information leak in the IPv6 implementation
https://notcve.org/view.php?id=CVE-2021-45485
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. En la implementación de IPv6 en el kernel de Linux versiones anteriores a 5.13.3, el archivo net/ipv6/output_core.c presenta un filtrado de información debido a determinado uso de una tabla hash que, aunque es grande, no considera apropiadamente que atacantes basados en IPv6 pueden elegir típicamente entre muchas direcciones de origen IPv6 An information leak flaw was found in the Linux kernel’s IPv6 implementation in the __ipv6_select_ident in net/ipv6/output_core.c function. The use of a small hash table in IP ID generation allows a remote attacker to reveal sensitive information. • https://arxiv.org/pdf/2112.09604.pdf https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99 https://security.netapp.com/advisory/ntap-20220121-0001 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2021-45485 https://bugzilla.redhat.com/show_bug.cgi?id=2039911 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •