CVE-2022-4337 – openvswitch: Out-of-Bounds Read in Organization Specific TLV
https://notcve.org/view.php?id=CVE-2022-4337
An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. A flaw was found in the OpenvSwitch package. If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a denial of service.
• https://github.com/openvswitch/ovs/pull/405
• https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html
• https://security.gentoo.org/glsa/202311-16
• https://www.debian.org/security/2023/dsa-5319
• https://www.openwall.com/lists/oss-security/2022/12/21/4
• https://access.redhat.com/security/cve/CVE-2022-4337
• https://bugzilla.redhat.com/show_bug.cgi?id=2155378
• CWE-125: Out-of-bounds Read
CVE-2022-2196 – Speculative execution attacks in KVM VMX
https://notcve.org/view.php?id=CVE-2022-2196
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 because L1 thinks it doesn't need retpolines or IBPB after running L2, due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a. A flaw was found in the KVM's Intel nested virtualization feature (nVMX). Since L1 and L2 shared branch prediction modes (guest-user and guest-kernel), KVM did not protect indirect branches in L1 from steering by a malicious agent in L2.
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2e7eab81425ad6c875f2ed47c0ce01e78afc38a5
• https://kernel.dance/#2e7eab81425a
• https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
• https://access.redhat.com/security/cve/CVE-2022-2196
• https://bugzilla.redhat.com/show_bug.cgi?id=2160023
• CWE-1188: Initialization of a Resource with an Insecure Default
CVE-2022-47655
https://notcve.org/view.php?id=CVE-2022-47655
Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short>.
• https://github.com/strukturag/libde265/issues/367
• https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html
• https://www.debian.org/security/2023/dsa-5346
• CWE-787: Out-of-bounds Write
CVE-2022-42257
https://notcve.org/view.php?id=CVE-2022-42257
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service.
• https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html
• https://nvidia.custhelp.com/app/answers/detail/a_id/5415
• https://security.gentoo.org/glsa/202310-02
• CWE-190: Integer Overflow or Wraparound
CVE-2022-42258
https://notcve.org/view.php?id=CVE-2022-42258
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure.
• https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html
• https://nvidia.custhelp.com/app/answers/detail/a_id/5415
• https://security.gentoo.org/glsa/202310-02
• CWE-190: Integer Overflow or Wraparound