CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2022-24958 – Ubuntu Security Notice USN-5468-1
https://notcve.org/view.php?id=CVE-2022-24958
11 Feb 2022 — drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. el archivo drivers/usb/gadget/legacy/inode.c en el kernel de Linux versiones hasta 5.16.8 maneja inapropiadamente la liberación dev-) buf Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to ex... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=89f3594d0de58e8a57d92d497dea9fee3d4b9cda • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-24959 – Ubuntu Security Notice USN-5383-1
https://notcve.org/view.php?id=CVE-2022-24959
11 Feb 2022 — An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.16.5. Se presenta una pérdida de memoria en la función yam_siocdevprivate en el archivo drivers/net/hamradio/yam.c Brendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device driver in the Linux kernel did not properly validate meta-data coming from the device. A local attacker who can co... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0382 – Ubuntu Security Notice USN-5337-1
https://notcve.org/view.php?id=CVE-2022-0382
11 Feb 2022 — An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7 bytes, and the user cannot control what is read. This flaw affects the Linux kernel versions prior to 5.17-rc1. Se ha encontrado un fallo de fuga de información debido a una memoria no inicializada en el subsistema de protocolo TIPC de... • https://github.com/torvalds/linux/commit/d6d86830705f173fca6087a3e67ceaf68db80523 • CWE-909: Missing Initialization of Resource •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-4159 – Ubuntu Security Notice USN-5790-1
https://notcve.org/view.php?id=CVE-2021-4159
10 Feb 2022 — A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. Se encontró una vulnerabilidad en el verificador EBPF del kernel de Linux cuando son manejadas estructuras de datos internas. Las ubicaciones de memoria interna ... • https://access.redhat.com/security/cve/CVE-2021-4159 • CWE-202: Exposure of Sensitive Information Through Data Queries •
CVSS: 7.8EPSS: 0%CPEs: 79EXPL: 0CVE-2022-0330 – kernel: possible privileges escalation due to missing TLB flush
https://notcve.org/view.php?id=CVE-2022-0330
10 Feb 2022 — A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. Se ha encontrado un fallo de acceso aleatorio a la memoria en la funcionalidad del controlador del kernel de la GPU i915 de Linux en la forma en que un usuario puede ejecutar código malicioso en la GPU. Este fallo permite a un usuario local bloquear el sistema o escal... • http://www.openwall.com/lists/oss-security/2022/11/30/1 • CWE-281: Improper Preservation of Permissions •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-0487 – Ubuntu Security Notice USN-6014-1
https://notcve.org/view.php?id=CVE-2022-0487
04 Feb 2022 — A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada en la función rtsx_usb_ms_drv_remove en el archivo drivers/memstick/host/rtsx_usb_ms.c en memstick en el kernel de Linux. En este fallo, un atacante local co... • https://bugzilla.redhat.com/show_bug.cgi?id=2044561 • CWE-416: Use After Free •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-24448 – kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR
https://notcve.org/view.php?id=CVE-2022-24448
04 Feb 2022 — An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. Se ha detectado un problema en el archivo fs/nfs/dir.c en el kernel de Linux versiones anteriores a 5.16.5. Si una aplicación establece la bandera O_DIRECTORY, y trata de abrir un archivo r... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5 • CWE-755: Improper Handling of Exceptional Conditions CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-0264 – Ubuntu Security Notice USN-5337-1
https://notcve.org/view.php?id=CVE-2022-0264
04 Feb 2022 — A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. This flaws affects kernel versions < v5.16-rc6 Se encontró una vulnerabilidad en el verificador eBPF del kernel de Linux cuando son manejados estructuras de dato... • https://bugzilla.redhat.com/show_bug.cgi?id=2041547 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 2CVE-2021-4149 – Ubuntu Security Notice USN-6014-1
https://notcve.org/view.php?id=CVE-2021-4149
25 Jan 2022 — A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. Se encontró una vulnerabilidad en la función btrfs_alloc_tree_b en el archivo fs/btrfs/extent-tree.c en el kernel de Linux debido a una operación de bloqueo inapropiada en btrfs. En este fallo, un usuario con privilegio local puede causar una denegación de servicio (... • https://bugzilla.redhat.com/show_bug.cgi?id=2026485 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-4135 – Ubuntu Security Notice USN-5337-1
https://notcve.org/view.php?id=CVE-2021-4135
25 Jan 2022 — A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data. Se ha encontrado una vulnerabilidad de pérdida de memoria en el eBPF del kernel de Linux para el controlador del dispositivo de red simulado en la forma en que el usuario usa el BPF para el dispositivo, de manera que es llamado a la func... • https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=481221775d53 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •