CVSS: 6.4EPSS: 0%CPEs: 11EXPL: 0CVE-2022-45888
https://notcve.org/view.php?id=CVE-2022-45888
25 Nov 2022 — An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.9. drivers/char/xillybus/xillyusb.c tiene una condición de carrera y uso después de la liberación durante la extracción física de un dispositivo USB. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=282a4b71816b6076029017a7bab3a9dcee12a920 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 3CVE-2022-42896 – Info Leak in l2cap_core in the Linux Kernel
https://notcve.org/view.php?id=CVE-2022-42896
23 Nov 2022 — There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/... • https://github.com/Satheesh575555/linux-4.19.72_CVE-2022-42896 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-43945 – kernel: nfsd buffer overflow by RPC message over TCP with garbage data
https://notcve.org/view.php?id=CVE-2022-43945
04 Nov 2022 — The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forwar... • http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html • CWE-131: Incorrect Calculation of Buffer Size CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44032
https://notcve.org/view.php?id=CVE-2022-44032
30 Oct 2022 — An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach(). Se descubrió un problema en el kernel de Linux hasta la versión 6.0.6. drivers/char/pcmcia/cm4000_cs.c tiene una condición de ejecución y Use-After-Free resultante si un atacante físicamente cercano elimina un dispositivo PCMCIA ... • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44033
https://notcve.org/view.php?id=CVE-2022-44033
30 Oct 2022 — An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach(). Se descubrió un problema en el kernel de Linux hasta la versión 6.0.6. drivers/char/pcmcia/cm4040_cs.c tiene una condición de ejecución y Use-After-Free resultante si un atacante físicamente cercano elimina un dispositivo PCMC... • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44034
https://notcve.org/view.php?id=CVE-2022-44034
30 Oct 2022 — An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove(). Se descubrió un problema en el kernel de Linux hasta la versión 6.0.6. drivers/char/pcmcia/scr24x_cs.c tiene una condición de ejecución y Use-After-Free resultante si un atacante físicamente cercano elimina un dispositivo PCMC... • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3344
https://notcve.org/view.php?id=CVE-2022-3344
24 Oct 2022 — A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0). Se ha encontrado un fallo en la virtualización anidada AMD (SVM) de KVM. Un huésped L1 malicioso podría fallar a propósito para interceptar el apagado de un huésped anidado cooperativo (L2), posiblemente conllevando a una falla de página y pánico del kernel en el host (L0) • https://bugzilla.redhat.com/show_bug.cgi?id=2130278 • CWE-440: Expected Behavior Violation •
CVSS: 7.0EPSS: 0%CPEs: 18EXPL: 0CVE-2022-3649 – Linux Kernel BPF inode.c nilfs_new_inode use after free
https://notcve.org/view.php?id=CVE-2022-3649
21 Oct 2022 — A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. • https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d325dc6eb763c10f591c239550b8c7e5466a5d09 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3586 – Linux Kernel Net Scheduler Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-3586
19 Oct 2022 — A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service. Se ha encontrado un fallo en el código de red del kernel de Linux. Ha sido encontrado un uso de memoria previamente liberada en la forma en que la función sch_sfb enqueue usó el campo cb d... • https://github.com/torvalds/linux/commit/9efd23297cca • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3606 – Linux Kernel BPF libbpf.c find_prog_by_sec_insn null pointer dereference
https://notcve.org/view.php?id=CVE-2022-3606
19 Oct 2022 — A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. • https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d0d382f95a9270dcf803539d6781d6bd67e3f5b2 • CWE-404: Improper Resource Shutdown or Release •