CVE-2021-4037 – kernel: security regression for CVE-2018-13405
https://notcve.org/view.php?id=CVE-2021-4037
11 May 2022 — A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions being granted when they should not be. This vulnerability is similar to the previous CVE-2... • https://access.redhat.com/security/cve/CVE-2021-4037 • CWE-284: Improper Access Control •
CVE-2021-3764 – kernel: DoS in ccp_run_aes_gcm_cmd() function
https://notcve.org/view.php?id=CVE-2021-3764
11 May 2022 — A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. • https://access.redhat.com/security/cve/CVE-2021-3764 • CWE-400: Uncontrolled Resource Consumption • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2022-29968
https://notcve.org/view.php?id=CVE-2022-29968
02 May 2022 — An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. • https://github.com/jprx/CVE-2022-29968 • CWE-909: Missing Initialization of Resource •
CVE-2022-1353 – kernel: kernel info leak issue in pfkey_register
https://notcve.org/view.php?id=CVE-2022-1353
29 Apr 2022 — A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. ... • https://bugzilla.redhat.com/show_bug.cgi?id=2066819 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVE-2022-1195
https://notcve.org/view.php?id=CVE-2022-1195
29 Apr 2022 — A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with user privileges to cause a denial of service (DoS) when the mkiss or sixpack device is detached and resources are reclaimed early. ... • https://bugzilla.redhat.com/show_bug.cgi?id=2056381 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') • CWE-416: Use After Free •
CVE-2022-29582
https://notcve.org/view.php?id=CVE-2022-29582
22 Apr 2022 — In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. ... • https://github.com/Ruia-ruia/CVE-2022-29582-Exploit • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2022-1015
https://notcve.org/view.php?id=CVE-2022-1015
21 Apr 2022 — A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. • https://github.com/pqlx/CVE-2022-1015 • CWE-787: Out-of-bounds Write •
CVE-2022-1016 – kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM
https://notcve.org/view.php?id=CVE-2022-1016
21 Apr 2022 — A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. ... • http://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016 • CWE-824: Access of Uninitialized Pointer • CWE-909: Missing Initialization of Resource •
CVE-2011-4917
https://notcve.org/view.php?id=CVE-2011-4917
18 Apr 2022 — In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat. • https://lkml.org/lkml/2011/11/7/340 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-28388 – kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c
https://notcve.org/view.php?id=CVE-2022-28388
03 Apr 2022 — usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. A double-free flaw was found in the Linux kernel's USB2CAN interface implementation. This issue could allow a local user to crash the system. • https://github.com/torvalds/linux/commit/3d3925ff6433f98992685a9679613a2cc97f3ce2 • CWE-415: Double Free •