CVE-2022-3649 – Linux Kernel BPF inode.c nilfs_new_inode use after free
https://notcve.org/view.php?id=CVE-2022-3649
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. • https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d325dc6eb763c10f591c239550b8c7e5466a5d09 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://security.netapp.com/advisory/ntap-20230214-0009 https://vuldb.com/?id.211992 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVE-2022-3545 – Linux Kernel IPsec nfp_cppcore.c area_cache_get use after free
https://notcve.org/view.php?id=CVE-2022-3545
A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability. • https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://security.netapp.com/advisory/ntap-20221223-0003 https://vuldb.com/?id.211045 https://www.debian.org/security/2023/dsa-5324 https://access.redhat.com/security/cve/CVE-2022-3545 https://bugzilla.redhat.com/show_bug.cgi?id • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVE-2022-3564 – Linux Kernel Bluetooth l2cap_core.c l2cap_reassemble_sdu use after free
https://notcve.org/view.php?id=CVE-2022-3564
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. • https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=89f9f3cb86b1c63badaf392a83dd661d56cc50b1 https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://security.netapp.com/advisory/ntap-20221223-0001 https://vuldb.com/?id.211087 https://access.redhat.com/security/cve/CVE-2022-3564 https://bugzilla.redhat.com/show_bug.cgi?id=2150999 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2022-3202
https://notcve.org/view.php?id=CVE-2022-3202
A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information. Un fallo de desreferencia de puntero NULL en diFree en el archivo fs/jfs/inode.c en Journaled File System (JFS) en el kernel de Linux. Esto podría permitir a un atacante local bloquear el sistema o filtrar información interna del kernel • https://github.com/torvalds/linux/commit/a53046291020ec41e09181396c1e829287b48d47 https://security.netapp.com/advisory/ntap-20221228-0007 • CWE-476: NULL Pointer Dereference •
CVE-2022-2964 – kernel: memory corruption in AX88179_178A based USB ethernet device.
https://notcve.org/view.php?id=CVE-2022-2964
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. Se ha encontrado un fallo en el controlador del kernel de Linux para los dispositivos USB 2.0/3.0 Gigabit Ethernet basados en ASIX versión AX88179_178A. La vulnerabilidad contiene múltiples lecturas fuera de límites y posibles escrituras fuera de límites • https://bugzilla.redhat.com/show_bug.cgi?id=2067482 https://security.netapp.com/advisory/ntap-20230113-0001 https://access.redhat.com/security/cve/CVE-2022-2964 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •