CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 2CVE-2022-1016 – kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM
https://notcve.org/view.php?id=CVE-2022-1016
12 Apr 2022 — A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. Se ha encontrado un fallo en el kernel de Linux en el archivo net/netfilter/nf_tables_core.c:nft_do_chain, que puede causar un uso de memoria previamente liberada. Este problema necesita manejar "return" con las precondiciones apropiada... • http://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016 • CWE-824: Access of Uninitialized Pointer CWE-909: Missing Initialization of Resource •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 2CVE-2022-1198 – Ubuntu Security Notice USN-5469-1
https://notcve.org/view.php?id=CVE-2022-1198
12 Apr 2022 — A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space. Se ha detectado una vulnerabilidad de uso de memoria previamente liberada en el archivo drivers/net/hamradio/6pack.c de linux que permite a un atacante bloquear el kernel de linux al simular el dispositivo ax25 mediante el controlador 6pack desde el espacio de usuario It was discovered that the Linux kernel did no... • https://access.redhat.com/security/cve/CVE-2022-1198 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-1195 – Ubuntu Security Notice USN-6014-1
https://notcve.org/view.php?id=CVE-2022-1195
12 Apr 2022 — A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada en el kernel de Linux en drivers/net/hamradio. Este fallo permite a un atacante local con privilegio de usuario causar una denegación de servicio (DOS) cuando el dispositivo mkiss o sixp... • https://bugzilla.redhat.com/show_bug.cgi?id=2056381 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 2CVE-2022-0850 – kernel: information leak in copy_page_to_iter() in iov_iter.c
https://notcve.org/view.php?id=CVE-2022-0850
12 Apr 2022 — A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace. Se encontró una vulnerabilidad en el kernel de linux, donde es producido un filtrado de información por medio de la función ext4_extent_header al espacio de usuario An information leak flaw was found via ext4_extent_header in fs/ext4/extents.c in the Linux kernel. This flaw could allow a local attacker to cause a denial of service. It was discovered that the framebuffer driver on the Linux kernel... • https://access.redhat.com/security/cve/CVE-2022-0850 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.0EPSS: 0%CPEs: 26EXPL: 0CVE-2022-1048 – kernel: race condition in snd_pcm_hw_free leading to use-after-free
https://notcve.org/view.php?id=CVE-2022-1048
12 Apr 2022 — A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. Se ha encontrado un fallo de uso de memoria previamente liberada en el subsistema de sonido del kernel de Linux en la forma en que un usuario desencadena las llamadas concurrentes de PCM hw_params. ... • https://bugzilla.redhat.com/show_bug.cgi?id=2066706 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1205 – Ubuntu Security Notice USN-6014-1
https://notcve.org/view.php?id=CVE-2022-1205
12 Apr 2022 — A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. Se ha encontrado un fallo de desreferencia de puntero NULL en la funcionalidad del protocolo AX.25 de Radio Aficionados del kernel de Linux en la forma en que un usuario es conectado con el protocolo. Este fallo permite a un usuario local bloquear el sistema Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke X... • https://access.redhat.com/security/cve/CVE-2022-1205 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2022-1199 – Ubuntu Security Notice USN-5469-1
https://notcve.org/view.php?id=CVE-2022-1199
12 Apr 2022 — A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. Se ha encontrado un fallo en el kernel de Linux. Este fallo permite a un atacante bloquear el kernel de Linux al simular la radioafición desde el espacio de usuario, resultando en una vulnerabilidad null-ptr-deref y una vulnerabilidad de uso de memoria previamente liberada It was discovere... • https://access.redhat.com/security/cve/CVE-2022-1199 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2022-28388 – kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c
https://notcve.org/view.php?id=CVE-2022-28388
03 Apr 2022 — usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. La función usb_8dev_start_xmit en el archivo drivers/net/can/usb/usb_8dev.c en el kernel de Linux versiones hasta 5.17.1, presenta una doble liberación A double-free flaw was found in the Linux kernel's USB2CAN interface implementation. This issue could allow a local user to crash the system. It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle ... • https://github.com/torvalds/linux/commit/3d3925ff6433f98992685a9679613a2cc97f3ce2 • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2022-28389 – Ubuntu Security Notice USN-5469-1
https://notcve.org/view.php?id=CVE-2022-28389
03 Apr 2022 — mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. La función mcba_usb_start_xmit en el archivo drivers/net/can/usb/mcba_usb.c en el kernel de Linux versiones hasta 5.17.1, presenta una doble liberación It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfi... • https://github.com/torvalds/linux/commit/04c9b00ba83594a29813d6b1fb8fdc93a3915174 • CWE-415: Double Free •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2022-28390 – kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c
https://notcve.org/view.php?id=CVE-2022-28390
03 Apr 2022 — ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. La función ems_usb_start_xmit en el archivo drivers/net/can/usb/ems_usb.c en el kernel de Linux versiones hasta 5.17.1, presenta una doble liberación A double-free flaw was found in the Linux kernel in the ems_usb_start_xmit function. This flaw allows an attacker to create a memory leak and corrupt the underlying data structure by calling free more than once. It was discovered that the Linux kernel did ... • https://github.com/torvalds/linux/commit/c70222752228a62135cee3409dccefd494a24646 • CWE-415: Double Free •