CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-3113
https://notcve.org/view.php?id=CVE-2022-3113
14 Dec 2022 — An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference. Se descubrió un problema en el kernel de Linux hasta 5.16-rc6. mtk_vcodec_fw_vpu_init en drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c carece de verificación del valor de retorno de devm_kzalloc() y provocará la desreferencia del puntero nulo. • https://bugzilla.redhat.com/show_bug.cgi?id=2153053 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-3114
https://notcve.org/view.php?id=CVE-2022-3114
14 Dec 2022 — An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference. Se descubrió un problema en el kernel de Linux hasta 5.16-rc6. imx_register_uart_clocks en drivers/clk/imx/clk.c carece de verificación del valor de retorno de kcalloc() y provocará la desreferencia del puntero nulo. • https://bugzilla.redhat.com/show_bug.cgi?id=2153054 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-3115
https://notcve.org/view.php?id=CVE-2022-3115
14 Dec 2022 — An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference. Se descubrió un problema en el kernel de Linux hasta 5.16-rc6. malidp_crtc_reset en drivers/gpu/drm/arm/malidp_crtc.c carece de verificación del valor de retorno de kzalloc() y provocará la desreferencia del puntero nulo. • https://bugzilla.redhat.com/show_bug.cgi?id=2153058 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42328
https://notcve.org/view.php?id=CVE-2022-42328
07 Dec 2022 — Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver ... • http://www.openwall.com/lists/oss-security/2022/12/08/2 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42329
https://notcve.org/view.php?id=CVE-2022-42329
07 Dec 2022 — Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver ... • http://www.openwall.com/lists/oss-security/2022/12/08/2 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-45869 – kernel: KVM: x86/mmu: race condition in direct_page_fault()
https://notcve.org/view.php?id=CVE-2022-45869
30 Nov 2022 — A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled. Una condición de carrera en el subsistema KVM x86 en el kernel de Linux hasta 6.1-rc6 permite a los usuarios del sistema operativo invitado provocar una denegación de servicio (caída del sistema operativo anfitrión o corrupción de la memoria del sistema operativo anfitrión) cuando ... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=47b0c2e4c220f2251fd8dcfbb44479819c715e15 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4127
https://notcve.org/view.php?id=CVE-2022-4127
28 Nov 2022 — A NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_alloc. A local user could use this flaw to potentially crash the system causing a denial of service. Se descubrió un problema de desreferencia de puntero NULL en el kernel de Linux en io_files_update_with_index_alloc. Un usuario local podría utilizar esta falla para bloquear potencialmente el sistema y provocar una Denegación de Servicio (DoS). • https://github.com/torvalds/linux/commit/d785a773bed966a75ca1f11d108ae1897189975b • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 11EXPL: 0CVE-2022-45884 – kernel: use-after-free due to race condition occurring in dvb_register_device()
https://notcve.org/view.php?id=CVE-2022-45884
25 Nov 2022 — An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.9. drivers/media/dvb-core/dvbdev.c tiene un use-after-free, relacionado con dvb_register_device que asigna dinámicamente fops. A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the DVB core device driver. It could oc... • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 11EXPL: 0CVE-2022-45885
https://notcve.org/view.php?id=CVE-2022-45885
25 Nov 2022 — An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.9. drivers/media/dvb-core/dvb_frontend.c tiene una condición de carrera que puede provocar un use-after-free cuando se desconecta un dispositivo. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6769a0b7ee0c3b31e1b22c3fadff2bfb642de23f • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 11EXPL: 0CVE-2022-45887 – kernel: memory leak in ttusb_dec_exit_dvb() in media/usb/ttusb-dec/ttusb_dec.c
https://notcve.org/view.php?id=CVE-2022-45887
25 Nov 2022 — An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c tiene una pérdida de memoria debido a la falta de una llamada dvb_frontend_detach. A memory leak issue was found in the Linux kernel media subsystem in the TTUSB DEC driver. It could occur in the ttusb_dec_exit_dvb() function because... • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=517a281338322ff8293f988771c98aaa7205e457 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •