CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 2CVE-2022-0850 – kernel: information leak in copy_page_to_iter() in iov_iter.c
https://notcve.org/view.php?id=CVE-2022-0850
12 Apr 2022 — A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace. Se encontró una vulnerabilidad en el kernel de linux, donde es producido un filtrado de información por medio de la función ext4_extent_header al espacio de usuario An information leak flaw was found via ext4_extent_header in fs/ext4/extents.c in the Linux kernel. This flaw could allow a local attacker to cause a denial of service. It was discovered that the framebuffer driver on the Linux kernel... • https://access.redhat.com/security/cve/CVE-2022-0850 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.0EPSS: 0%CPEs: 26EXPL: 0CVE-2022-1048 – kernel: race condition in snd_pcm_hw_free leading to use-after-free
https://notcve.org/view.php?id=CVE-2022-1048
12 Apr 2022 — A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. Se ha encontrado un fallo de uso de memoria previamente liberada en el subsistema de sonido del kernel de Linux en la forma en que un usuario desencadena las llamadas concurrentes de PCM hw_params. ... • https://bugzilla.redhat.com/show_bug.cgi?id=2066706 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1205 – Ubuntu Security Notice USN-6014-1
https://notcve.org/view.php?id=CVE-2022-1205
12 Apr 2022 — A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. Se ha encontrado un fallo de desreferencia de puntero NULL en la funcionalidad del protocolo AX.25 de Radio Aficionados del kernel de Linux en la forma en que un usuario es conectado con el protocolo. Este fallo permite a un usuario local bloquear el sistema Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke X... • https://access.redhat.com/security/cve/CVE-2022-1205 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2022-1199 – Ubuntu Security Notice USN-5469-1
https://notcve.org/view.php?id=CVE-2022-1199
12 Apr 2022 — A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. Se ha encontrado un fallo en el kernel de Linux. Este fallo permite a un atacante bloquear el kernel de Linux al simular la radioafición desde el espacio de usuario, resultando en una vulnerabilidad null-ptr-deref y una vulnerabilidad de uso de memoria previamente liberada It was discovere... • https://access.redhat.com/security/cve/CVE-2022-1199 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2022-28388 – kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c
https://notcve.org/view.php?id=CVE-2022-28388
03 Apr 2022 — usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. La función usb_8dev_start_xmit en el archivo drivers/net/can/usb/usb_8dev.c en el kernel de Linux versiones hasta 5.17.1, presenta una doble liberación A double-free flaw was found in the Linux kernel's USB2CAN interface implementation. This issue could allow a local user to crash the system. It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle ... • https://github.com/torvalds/linux/commit/3d3925ff6433f98992685a9679613a2cc97f3ce2 • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2022-28389 – Ubuntu Security Notice USN-5469-1
https://notcve.org/view.php?id=CVE-2022-28389
03 Apr 2022 — mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. La función mcba_usb_start_xmit en el archivo drivers/net/can/usb/mcba_usb.c en el kernel de Linux versiones hasta 5.17.1, presenta una doble liberación It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfi... • https://github.com/torvalds/linux/commit/04c9b00ba83594a29813d6b1fb8fdc93a3915174 • CWE-415: Double Free •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2022-28390 – kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c
https://notcve.org/view.php?id=CVE-2022-28390
03 Apr 2022 — ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. La función ems_usb_start_xmit en el archivo drivers/net/can/usb/ems_usb.c en el kernel de Linux versiones hasta 5.17.1, presenta una doble liberación A double-free flaw was found in the Linux kernel in the ems_usb_start_xmit function. This flaw allows an attacker to create a memory leak and corrupt the underlying data structure by calling free more than once. It was discovered that the Linux kernel did ... • https://github.com/torvalds/linux/commit/c70222752228a62135cee3409dccefd494a24646 • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-28356 – Ubuntu Security Notice USN-5469-1
https://notcve.org/view.php?id=CVE-2022-28356
02 Apr 2022 — In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. En el kernel de Linux versiones anteriores a 5.17.1, se encontró un bug de filtrado de refcount en el archivo net/llc/af_llc.c It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not prop... • http://www.openwall.com/lists/oss-security/2022/04/06/1 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3847
https://notcve.org/view.php?id=CVE-2021-3847
01 Apr 2022 — An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system. Se encontró un acceso no autorizado a la ejecución del archivo setuid con fallo de capacidades en el subsistema OverlayFS del kernel de Linux en la forma en que el usuario copia un archivo capaz de un montaje nosuid en otro ... • https://bugzilla.redhat.com/show_bug.cgi?id=2009704 • CWE-281: Improper Preservation of Permissions •
CVSS: 3.6EPSS: 0%CPEs: 3EXPL: 0CVE-2020-35501
https://notcve.org/view.php?id=CVE-2020-35501
30 Mar 2022 — A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem Se ha encontrado un fallo en la implementación de reglas de auditoría en los kernels de Linux, donde una llamada al sistema puede no ser registrada correctamente por el subsistema de auditoría • https://bugzilla.redhat.com/show_bug.cgi?id=1908577 • CWE-863: Incorrect Authorization •