CVE-2022-41974 – device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket
https://notcve.org/view.php?id=CVE-2022-41974
This can lead to local privilege escalation to root. ... This could lead to local privilege escalation to root. • http://packetstormsecurity.com/files/169611/Leeloo-Multipath-Authorization-Bypass-Symlink-Attack.html http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html http://seclists.org/fulldisclosure/2022/Dec/4 http://seclists.org/fulldisclosure/2022/Oct/25 http://www.openwall.com/lists/oss-security/2022/10/24/2 http://www.openwall.com/lists/oss-security/2022/11/30/2 https://bugzilla.suse.com/show_bug.cgi?id=1202739 https://github.com/open • CWE-269: Improper Privilege Management CWE-285: Improper Authorization •
CVE-2022-33179
https://notcve.org/view.php?id=CVE-2022-33179
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges. • https://security.netapp.com/advisory/ntap-20230127-0004 https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2079 •
CVE-2022-3586 – Linux Kernel Net Scheduler Use-After-Free Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-3586
An attacker can leverage this in conjunction with other vulnerabilties to escalate privileges and execute arbitrary code in the context of the kernel. • https://github.com/torvalds/linux/commit/9efd23297cca https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://www.zerodayinitiative.com/advisories/upcoming • CWE-416: Use After Free •
CVE-2022-2602 – Linux Kernel io_uring Improper Update of Reference Count Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2602
io_uring UAF, Unix SCM garbage collection io_uring UAF, recolección de basura Unix SCM This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://github.com/LukeGix/CVE-2022-2602 https://github.com/kiks7/CVE-2022-2602-Kernel-Exploit https://github.com/th3-5had0w/CVE-2022-2602-Study http://packetstormsecurity.com/files/176533/Linux-Broken-Unix-GC-Interaction-Use-After-Free.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2602 https://ubuntu.com/security/notices/USN-5691-1 https://ubuntu.com/security/notices/USN-5692-1 https://ubuntu.com/security/notices/USN-5693-1 https://ubuntu.com/security/ • CWE-416: Use After Free •
CVE-2022-22239 – Junos OS Evolved: The ssh CLI command always runs as root which can lead to privilege escalation
https://notcve.org/view.php?id=CVE-2022-22239
This vulnerability allows a locally authenticated attacker with access to the ssh operational command to escalate their privileges on the system to root, or if there is user interaction on the local device to potentially escalate privileges on a remote system to root. • https://kb.juniper.net/JSA69895 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •