CVSS: 8.8EPSS: 1%CPEs: 10EXPL: 1CVE-2022-42719
https://notcve.org/view.php?id=CVE-2022-42719
A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. Un uso de memoria previamente liberada en la pila mac80211 cuando ea analizado un elemento multi-BSSID en el kernel de Linux versiones 5.2 hasta 5.19.14, podría ser usado por atacantes (capaces de inyectar tramas WLAN) para bloquear el kernel y potencialmente ejecutar código • http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html http://www.openwall.com/lists/oss-security/2022/10/13/2 http://www.openwall.com/lists/oss-security/2022/10/13/5 https://bugzilla.suse.com/show_bug.cgi?id=1204051 https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lists.fedoraproject.org/archives/list& • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-3435 – Linux Kernel IPv4 fib_semantics.c fib_nh_match out-of-bounds
https://notcve.org/view.php?id=CVE-2022-3435
A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. • https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR https://lore.kernel.org/netdev/20221005181257.8897-1-dsahern%40kernel.org/T/#u https://vuldb.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-40768
https://notcve.org/view.php?id=CVE-2022-40768
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. El archivo drivers/scsi/stex.c en el kernel de Linux versiones hasta 5.19.9, permite a usuarios locales obtener información confidencial de la memoria del kernel porque stex_queuecommand_lck carece de memset para el caso PASSTHRU_CMD • http://www.openwall.com/lists/oss-security/2022/09/19/1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6022f210461fef67e6e676fd8544ca02d1bcfa7a https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/scsi/stex.c https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY https://lists.fedoraproject.org/archives/list/packa • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3169
https://notcve.org/view.php?id=CVE-2022-3169
A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect. Se ha encontrado un fallo en el kernel de Linux. Puede producirse un fallo de denegación de servicio si se presenta una petición consecutiva del NVME_IOCTL_RESET y del NVME_IOCTL_SUBSYS_RESET mediante el archivo de dispositivo del controlador, resultando en una desconexión del enlace PCIe • https://bugzilla.kernel.org/show_bug.cgi?id=214771 https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html • CWE-20: Improper Input Validation •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 2CVE-2022-1247
https://notcve.org/view.php?id=CVE-2022-1247
An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero. Se ha encontrado un problema en linux-kernel que conlleva a una condición de carrera en la función rose_connect(). El controlador de rose usa rose_neigh-)use para representar cuántos objetos están usando el rose_neigh. • https://access.redhat.com/security/cve/CVE-2022-1247 https://bugzilla.redhat.com/show_bug.cgi?id=2066799 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •