CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2022-3545 – Linux Kernel IPsec nfp_cppcore.c area_cache_get use after free
https://notcve.org/view.php?id=CVE-2022-3545
A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability. • https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://security.netapp.com/advisory/ntap-20221223-0003 https://vuldb.com/?id.211045 https://www.debian.org/security/2023/dsa-5324 https://access.redhat.com/security/cve/CVE-2022-3545 https://bugzilla.redhat.com/show_bug.cgi?id • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 16EXPL: 0CVE-2022-3564 – Linux Kernel Bluetooth l2cap_core.c l2cap_reassemble_sdu use after free
https://notcve.org/view.php?id=CVE-2022-3564
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. • https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=89f9f3cb86b1c63badaf392a83dd661d56cc50b1 https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://security.netapp.com/advisory/ntap-20221223-0001 https://vuldb.com/?id.211087 https://access.redhat.com/security/cve/CVE-2022-3564 https://bugzilla.redhat.com/show_bug.cgi?id=2150999 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 2.6EPSS: 0%CPEs: 5EXPL: 0CVE-2022-3521 – Linux Kernel kcm kcmsock.c kcm_tx_work race condition
https://notcve.org/view.php?id=CVE-2022-3521
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec7eede369fe5b0d085ac51fdbb95184f87bfc6c https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://vuldb.com/?id.211018 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-3524 – Linux Kernel IPv6 ipv6_renew_options memory leak
https://notcve.org/view.php?id=CVE-2022-3524
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c52c6bb831f6335c176a0fc7214e26f43adbd11 https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://vuldb.com/?id.211021 https://access.redhat.com/security/cve/CVE-2022-3524 https://bugzilla.redhat.com/show_bug.cgi?id=2150947 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 2CVE-2022-2850 – 389-ds-base: SIGSEGV in sync_repl
https://notcve.org/view.php?id=CVE-2022-2850
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514. Se ha encontrado un fallo en 389-ds-base. • https://access.redhat.com/security/cve/CVE-2022-2850 https://bugzilla.redhat.com/show_bug.cgi?id=2118691 https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html • CWE-476: NULL Pointer Dereference •