CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1205
https://notcve.org/view.php?id=CVE-2022-1205
28 May 2022 — A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. Se ha encontrado un fallo de desreferencia de puntero NULL en la funcionalidad del protocolo AX.25 de Radio Aficionados del kernel de Linux en la forma en que un usuario es conectado con el protocolo. Este fallo permite a un usuario local bloquear el sistema • https://access.redhat.com/security/cve/CVE-2022-1205 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-0168 – kernel: smb2_ioctl_query_info NULL pointer dereference
https://notcve.org/view.php?id=CVE-2022-0168
28 May 2022 — A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system. Se encontró un problema de denegación de servicio (DOS) en la función smb2_ioctl_query_info del kernel de Linux en el archivo fs/cifs/smb2ops.c Common Internet File System (CIFS) debido a un retorno incorrecto de la ... • https://access.redhat.com/security/cve/CVE-2022-0168 • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 24EXPL: 2CVE-2022-1734
https://notcve.org/view.php?id=CVE-2022-1734
18 May 2022 — A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. Un fallo en el Kernel de Linux encontrado en nfcmrvl_nci_unregister_dev() en el archivo drivers/nfc/nfcmrvl/main.c puede conllevar a un uso de memoria previamente liberada de lectura o escritura cuando no está sincronizado entre la rutina de limpieza y la rutina de descarga del firmware • http://www.openwall.com/lists/oss-security/2022/06/05/4 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 2CVE-2022-1679 – kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges
https://notcve.org/view.php?id=CVE-2022-1679
16 May 2022 — A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. Se ha encontrado un fallo de uso de memoria previamente liberada en el controlador del adaptador inalámbrico Atheros del kernel de Linux en la forma en que un usuario fuerza la función ath9k_htc_wait_for_target a fallar con algunos m... • https://github.com/EkamSinghWalia/-Detection-and-Mitigation-for-CVE-2022-1679 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 2CVE-2022-30594 – kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option
https://notcve.org/view.php?id=CVE-2022-30594
12 May 2022 — The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. El kernel de Linux versiones anteriores a 5.17.2, maneja inapropiadamente los permisos de seccomp. La ruta de código PTRACE_SEIZE permite a atacantes omitir las restricciones previstas al establecer el flag PT_SUSPEND_SECCOMP A flaw was found in the Linux kernel. The PTRACE_SEIZE code path allows attackers to bypass intended restri... • https://github.com/Lay0us/linux-4.19.72_CVE-2022-30594 • CWE-276: Incorrect Default Permissions CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3764 – kernel: DoS in ccp_run_aes_gcm_cmd() function
https://notcve.org/view.php?id=CVE-2021-3764
11 May 2022 — A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo de pérdida de memoria en la función ccp_run_aes_gcm_cmd() del kernel de Linux que permite a un atacante causar una denegación de servicio. La vulnerabilidad es similar a la anterior CVE-2019-18808. • https://access.redhat.com/security/cve/CVE-2021-3764 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-4037 – kernel: security regression for CVE-2018-13405
https://notcve.org/view.php?id=CVE-2021-4037
11 May 2022 — A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2... • https://access.redhat.com/security/cve/CVE-2021-4037 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 1CVE-2022-29968
https://notcve.org/view.php?id=CVE-2022-29968
02 May 2022 — An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. Se ha detectado un problema en el kernel de Linux versiones hasta 5.17.5. La función io_rw_init_file en el archivo fs/io_uring.c carece de la inicialización de kiocb-)private • https://github.com/jprx/CVE-2022-29968 • CWE-909: Missing Initialization of Resource •
CVSS: 7.1EPSS: 0%CPEs: 29EXPL: 0CVE-2022-1353 – kernel: kernel info leak issue in pfkey_register
https://notcve.org/view.php?id=CVE-2022-1353
29 Apr 2022 — A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. Se encontró una vulnerabilidad en la función pfkey_register en el archivo net/key/af_key.c en el kernel de Linux. Este fallo permite a un usuario local no privilegiado acceder a la memoria del kernel, conllevando a un bloqueo del sistema o un filtrado de información in... • https://bugzilla.redhat.com/show_bug.cgi?id=2066819 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-1195
https://notcve.org/view.php?id=CVE-2022-1195
29 Apr 2022 — A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada en el kernel de Linux en drivers/net/hamradio. Este fallo permite a un atacante local con privilegio de usuario causar una denegación de servicio (DOS) cuando el dispositivo mkiss o sixp... • https://bugzilla.redhat.com/show_bug.cgi?id=2056381 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •