CVE-2022-2964 – kernel: memory corruption in AX88179_178A based USB ethernet device.
https://notcve.org/view.php?id=CVE-2022-2964
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. Se ha encontrado un fallo en el controlador del kernel de Linux para los dispositivos USB 2.0/3.0 Gigabit Ethernet basados en ASIX versión AX88179_178A. La vulnerabilidad contiene múltiples lecturas fuera de límites y posibles escrituras fuera de límites • https://bugzilla.redhat.com/show_bug.cgi?id=2067482 https://security.netapp.com/advisory/ntap-20230113-0001 https://access.redhat.com/security/cve/CVE-2022-2964 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2022-39046
https://notcve.org/view.php?id=CVE-2022-39046
An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap. Se ha detectado un problema en la biblioteca GNU C (glibc) versión 2.36. Cuando a la función syslog le es pasada una cadena de entrada diseñada de más de 1024 bytes, lee memoria no inicializada de la pila y la imprime en el archivo de registro de destino, revelando potencialmente una parte del contenido de la pila • http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html http://seclists.org/fulldisclosure/2024/Feb/3 http://www.openwall.com/lists/oss-security/2024/01/30/6 http://www.openwall.com/lists/oss-security/2024/01/30/8 https://security.gentoo.org/glsa/202310-03 https://security.netapp.com/advisory/ntap-20221104-0002 https://sourceware.org/bugzilla/show_bug.cgi?id=29536 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2022-2961
https://notcve.org/view.php?id=CVE-2022-2961
A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system. Se ha encontrado un fallo de uso de memoria previamente liberada en la funcionalidad PLP Rose del kernel de Linux en la forma en que un usuario desencadena una condición de carrera al llamar a bind mientras es desencadenada simultáneamente la función rose_bind(). Este fallo permite a un usuario local bloquearse o escalar potencialmente sus privilegios en el sistema • https://access.redhat.com/security/cve/CVE-2022-2961 https://security.netapp.com/advisory/ntap-20230214-0004 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2021-4204 – kernel: improper input validation may lead to privilege escalation
https://notcve.org/view.php?id=CVE-2021-4204
An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information. Se ha encontrado un fallo de acceso a memoria fuera de límites (OOB) en el eBPF del kernel de Linux debido a una comprobación de entrada inapropiada. Este fallo permite a un atacante local con un privilegio especial bloquear el sistema o filtrar información interna. • https://github.com/tr3ee/CVE-2021-4204 https://access.redhat.com/security/cve/CVE-2021-4204 https://bugzilla.redhat.com/show_bug.cgi?id=2039178 https://security-tracker.debian.org/tracker/CVE-2021-4204 https://security.netapp.com/advisory/ntap-20221228-0003 https://www.openwall.com/lists/oss-security/2022/01/11/4 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2022-2938 – kernel: use-after-free when psi trigger is destroyed while being polled
https://notcve.org/view.php?id=CVE-2022-2938
A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. Se ha encontrado un fallo en la implementación del kernel de Linux de la Información de Bloqueo de Presión. Aunque la función está deshabilitada por defecto, podría permitir a un atacante bloquear el sistema o tener otros efectos secundarios de corrupción de memoria. A flaw was found in the Linux kernel’s implementation of Pressure Stall Information. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a06247c6804f1a7c86a2e5398a4c1f1db1471848 https://security.netapp.com/advisory/ntap-20221223-0002 https://access.redhat.com/security/cve/CVE-2022-2938 https://bugzilla.redhat.com/show_bug.cgi?id=2120175 • CWE-416: Use After Free •