CVE-2022-24122
https://notcve.org/view.php?id=CVE-2022-24122
kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace. El archivo kernel/ucount.c en el kernel de Linux versiones 5.14 hasta 5.16.4, cuando los espacios de nombres de los usuarios no privilegiados están habilitados, permite un uso de memoria previamente liberada y una escalada de privilegios porque un objeto ucounts puede sobrevivir a su espacio de nombres • https://github.com/meowmeowxw/CVE-2022-24122 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f9d87929d451d3e649699d0f1d74f71f77ad38f5 https://github.com/torvalds/linux/commit/f9d87929d451d3e649699d0f1d74f71f77ad38f5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSR3AI2IQGRKZCHNKF6S25JGDKUEAWWL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVSZKUJAZ2VN6LJ35J2B6YD6BOPQTU3B https://security.netapp.com/advisory/ntap-20220221-0001 htt • CWE-416: Use After Free •
CVE-2022-0185 – Linux Kernel Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2022-0185
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system. Se ha encontrado un fallo de desbordamiento de búfer en la región heap de la memoria en la forma en que la función legacy_parse_param de la funcionalidad Filesystem Context del kernel de Linux verifica la longitud de los parámetros suministrados. Un usuario local no privilegiado (en caso de tener habilitados los espacios de nombres de usuario no privilegiado, de lo contrario necesita el privilegio CAP_SYS_ADMIN) capaz de abrir un sistema de archivos que no soporta la API Filesystem Context (y por lo tanto los fallbacks a la administración de legado) podría usar este fallo para escalar sus privilegios en el sistema Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges. • https://github.com/Crusaders-of-Rust/CVE-2022-0185 https://github.com/chenaotian/CVE-2022-0185 https://github.com/veritas501/CVE-2022-0185-PipeVersion https://github.com/featherL/CVE-2022-0185-exploit https://github.com/dcheng69/CVE-2022-0185-Case-Study https://github.com/khaclep007/CVE-2022-0185 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2 https://security.netapp.com/advisory/ntap-20220225-0003 https://www.openwall.com/lists/o • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2022-23222 – kernel: local privileges escalation in kernel/bpf/verifier.c
https://notcve.org/view.php?id=CVE-2022-23222
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. El archivo kernel/bpf/verifier.c en el kernel de Linux versiones hasta 5.15.14, permite a usuarios locales alcanzar privilegios debido a una disponibilidad de la aritmética de punteros por medio de determinados tipos de punteros *_OR_NULL A flaw was found in the Linux kernel's adjust_ptr_min_max_vals in the kernel/bpf/verifier.c function. In this flaw, a missing sanity check for *_OR_NULL pointer types that perform pointer arithmetic may cause a kernel information leak issue. • https://github.com/tr3ee/CVE-2022-23222 https://github.com/PenteraIO/CVE-2022-23222-POC https://github.com/FridayOrtiz/CVE-2022-23222 http://www.openwall.com/lists/oss-security/2022/01/14/1 http://www.openwall.com/lists/oss-security/2022/01/18/2 http://www.openwall.com/lists/oss-security/2022/06/01/1 http://www.openwall.com/lists/oss-security/2022/06/04/3 http://www.openwall.com/lists/oss-security/2022/06/07/3 https://bugzilla.suse.com/show_ • CWE-476: NULL Pointer Dereference CWE-763: Release of Invalid Pointer or Reference •
CVE-2021-4090
https://notcve.org/view.php?id=CVE-2021-4090
An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local attacker with user privilege may gain access to out-of-bounds memory, leading to a system integrity and confidentiality threat. Se encontró un fallo de escritura en memoria fuera de límites (OOB) en el NFSD del kernel de Linux. Una falta de saneo puede conllevar a una escritura más allá de bmval[bmlen-1] en nfsd4_decode_bitmap4 en el archivo fs/nfsd/nfs4xdr.c. • https://bugzilla.redhat.com/show_bug.cgi?id=2025101 https://lore.kernel.org/linux-nfs/163692036074.16710.5678362976688977923.stgit%40klimt.1015granger.net https://security.netapp.com/advisory/ntap-20220318-0010 • CWE-787: Out-of-bounds Write •
CVE-2021-4083 – kernel: fget: check that the fd still exists after getting a ref to it
https://notcve.org/view.php?id=CVE-2021-4083
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4. Se ha encontrado un fallo de lectura de memoria previamente liberada en la recolección de basura del kernel de Linux para los manejadores de archivos de socket de dominio Unix en la forma en que los usuarios llaman a close() y fget() simultáneamente y puede potencialmente desencadenar una condición de carrera. Este fallo permite a un usuario local bloquear el sistema o escalar sus privilegios en el sistema. • https://bugzilla.redhat.com/show_bug.cgi?id=2029923 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=054aa8d439b9 https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://security.netapp.com/advisory/ntap-20220217-0005 https://www.debian.org/security/2022/dsa-5096 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-202 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •