CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 3CVE-2022-41218 – kernel: Report vmalloc UAF in dvb-core/dmxdev
https://notcve.org/view.php?id=CVE-2022-41218
21 Sep 2022 — In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. En el archivo drivers/media/dvb-core/dmxdev.c en el kernel de Linux versiones hasta 5.19.10, se presenta un uso de memoria previamente liberada causado por refcount races, que afecta a dvb_demux_open y dvb_dmxdev_release A use-after-free flaw was found in the Linux kernel’s dvb-core subsystem (DVB API used by Digital TV devices) in how a... • https://github.com/Tobey123/CVE-2022-41218 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-3239 – kernel: media: em28xx: initialize refcount before kref_get
https://notcve.org/view.php?id=CVE-2022-3239
19 Sep 2022 — A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. Se ha encontrado un fallo de uso de memoria previamente liberada en el controlador video4linux del kernel de Linux en la forma en que el usuario desencadena em28xx_usb_probe() para las tarjetas de TV basadas en Empia 28xx. Un usuario local podría usar e... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c08eadca1bdfa099e20a32f8fa4b52b2f672236d • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-40768
https://notcve.org/view.php?id=CVE-2022-40768
18 Sep 2022 — drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. El archivo drivers/scsi/stex.c en el kernel de Linux versiones hasta 5.19.9, permite a usuarios locales obtener información confidencial de la memoria del kernel porque stex_queuecommand_lck carece de memset para el caso PASSTHRU_CMD • http://www.openwall.com/lists/oss-security/2022/09/19/1 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40476
https://notcve.org/view.php?id=CVE-2022-40476
14 Sep 2022 — A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service. Se ha detectado un problema de desreferencia de puntero null en el archivo fs/io_uring.c en el kernel de Linux versiones anteriores a 5.15.62. Un usuario local podría usar este fallo para bloquear el sistema o causar potencialmente una denegación de servicio • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/fs/io_uring.c?h=v5.15.61&id=3746d62ecf1c872a520c4866118edccb121c44fd • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2022-3202
https://notcve.org/view.php?id=CVE-2022-3202
14 Sep 2022 — A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information. Un fallo de desreferencia de puntero NULL en diFree en el archivo fs/jfs/inode.c en Journaled File System (JFS) en el kernel de Linux. Esto podría permitir a un atacante local bloquear el sistema o filtrar información interna del kernel • https://github.com/torvalds/linux/commit/a53046291020ec41e09181396c1e829287b48d47 • CWE-476: NULL Pointer Dereference •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3077 – kernel: i2c: unbounded length leads to buffer overflow in ismt_access()
https://notcve.org/view.php?id=CVE-2022-3077
09 Sep 2022 — A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system. Se encontró una vulnerabilidad de desbordamiento de búfer en el controlador de host iSMT SMBus del kernel de Linux en la forma en que manejaba el caso I2C_SMBUS_BLOCK_PROC_CALL (por el ioctl I2C_SMBUS) con datos de entrada maliciosos. Este fa... • https://github.com/torvalds/linux/commit/690b2549b19563ec5ad53e5c82f6a944d910086e • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-36280 – There is an out-of-bounds write vulnerability in vmwgfx driver
https://notcve.org/view.php?id=CVE-2022-36280
09 Sep 2022 — An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). Se ha encontrado una vulnerabilidad de acceso a memoria fuera de límites (OOB) en el controlador vmwgfx en el archivo drivers/gpu/vmxgfx/vmxgfx_kms.c en el componente GPU en el kernel de Linux... • https://bugzilla.openanolis.cn/show_bug.cgi?id=2071 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2022-40307
https://notcve.org/view.php?id=CVE-2022-40307
09 Sep 2022 — An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. Se ha detectado un problema en el kernel de Linux versiones hasta 5.19.8. El archivo drivers/firmware/efi/capsule-loader.c presenta una condición de carrera con un uso de memoria previamente liberada resultante • https://github.com/torvalds/linux/commit/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-2905
https://notcve.org/view.php?id=CVE-2022-2905
09 Sep 2022 — An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data. Se ha encontrado un fallo de lectura de memoria fuera de límites en el subsistema BPF del kernel de Linux en la forma en que un usuario llama a la función bpf_tail_call con una clave mayor que el max_entries del mapa. Este fallo permite a un usuario local conseguir a... • https://bugzilla.redhat.com/show_bug.cgi?id=2121800 • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-39842
https://notcve.org/view.php?id=CVE-2022-39842
05 Sep 2022 — An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. NOTE: the original discoverer disputes that the overflow can actually happen. Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.19. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19 • CWE-190: Integer Overflow or Wraparound •