CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32296 – Ubuntu Security Notice USN-5684-1
https://notcve.org/view.php?id=CVE-2022-32296
05 Jun 2022 — The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056. El kernel de Linux anterior a la versión 5.17.9 permite a los servidores TCP identificar a los clientes observando qué puertos de origen se utilizan. Esto ocurre debido al uso del Algoritmo 4 ("Double-Hash Port Selection Algorithm") del RFC 6056 It was discovered that the framebuffer driver on the Linux ... • https://arxiv.org/abs/2209.12993 • CWE-330: Use of Insufficiently Random Values •
CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0CVE-2022-1789 – kernel: KVM: NULL pointer dereference in kvm_mmu_invpcid_gva
https://notcve.org/view.php?id=CVE-2022-1789
31 May 2022 — With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference. Con shadow paging habilitada, la instrucción INVPCID resulta en una llamada a kvm_mmu_invpcid_gva. Si INVPCID es ejecutado con CR0.PG=0, la llamada de retorno invlpg no es establecida y el resultado es una desreferencia de puntero NULL A flaw was found in KVM. With shadow paging enabled if INVPCID is e... • https://bugzilla.redhat.com/show_bug.cgi?id=1832397 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2022-1652 – Ubuntu Security Notice USN-5582-1
https://notcve.org/view.php?id=CVE-2022-1652
31 May 2022 — Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. El Kernel de Linux podría permitir a un atacante local ejecutar código arbitrario en el sistema, causado por un fallo de uso de memoria previamente liberada concurrente en la función bad_f... • https://bugzilla.redhat.com/show_bug.cgi?id=1832397 • CWE-416: Use After Free •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-0168 – kernel: smb2_ioctl_query_info NULL pointer dereference
https://notcve.org/view.php?id=CVE-2022-0168
28 May 2022 — A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system. Se encontró un problema de denegación de servicio (DOS) en la función smb2_ioctl_query_info del kernel de Linux en el archivo fs/cifs/smb2ops.c Common Internet File System (CIFS) debido a un retorno incorrecto de la ... • https://access.redhat.com/security/cve/CVE-2022-0168 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-1204 – Ubuntu Security Notice USN-5469-1
https://notcve.org/view.php?id=CVE-2022-1204
28 May 2022 — A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. Se ha encontrado un fallo de uso de memoria previamente liberada en la funcionalidad del protocolo AX.25 de radioaficionados del kernel de Linux en la forma en que un usuario es conectado con el protocolo. Este fallo permite a un usuario local bloquear el sistema It was discovered that the implementation of the 6pack... • https://access.redhat.com/security/cve/CVE-2022-1204 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1804 – Accountsservice incorrectly drops privileges
https://notcve.org/view.php?id=CVE-2022-1804
24 May 2022 — accountsservice no longer drops permissions when writting .pam_environment Gunnar Hjalmarsson discovered that AccountsService incorrectly dropped privileges. A local user could possibly use this issue to cause AccountsService to crash or stop responding, resulting in a denial of service. • https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1974250 • CWE-269: Improper Privilege Management •
CVSS: 7.0EPSS: 0%CPEs: 24EXPL: 2CVE-2022-1734 – Ubuntu Security Notice USN-5582-1
https://notcve.org/view.php?id=CVE-2022-1734
18 May 2022 — A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. Un fallo en el Kernel de Linux encontrado en nfcmrvl_nci_unregister_dev() en el archivo drivers/nfc/nfcmrvl/main.c puede conllevar a un uso de memoria previamente liberada de lectura o escritura cuando no está sincronizado entre la rutina de limpieza y la rutina de descarga del firmware Zhenpeng L... • http://www.openwall.com/lists/oss-security/2022/06/05/4 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-1419 – Ubuntu Security Notice USN-5500-1
https://notcve.org/view.php?id=CVE-2022-1419
16 May 2022 — The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object. La causa principal de esta vulnerabilidad es que el ioctl$DRM_IOCTL_MODE_DESTROY_DUMB puede disminuir el refcount de *drm_vgem_gem_object *(creado en *vgem_gem_dumb_create*) simultáneamente, y *vgem_gem_dumb_create *accederá al drm_vgem_gem_object liberado It wa... • https://bugzilla.redhat.com/show_bug.cgi?id=2077560 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 3CVE-2022-30594 – kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option
https://notcve.org/view.php?id=CVE-2022-30594
12 May 2022 — The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. El kernel de Linux versiones anteriores a 5.17.2, maneja inapropiadamente los permisos de seccomp. La ruta de código PTRACE_SEIZE permite a atacantes omitir las restricciones previstas al establecer el flag PT_SUSPEND_SECCOMP A flaw was found in the Linux kernel. The PTRACE_SEIZE code path allows attackers to bypass intended restri... • https://packetstorm.news/files/id/170362 • CWE-276: Incorrect Default Permissions CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-4037 – kernel: security regression for CVE-2018-13405
https://notcve.org/view.php?id=CVE-2021-4037
11 May 2022 — A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2... • https://access.redhat.com/security/cve/CVE-2021-4037 • CWE-284: Improper Access Control •