CVSS: 7.1EPSS: 0%CPEs: 29EXPL: 0CVE-2022-1353 – kernel: kernel info leak issue in pfkey_register
https://notcve.org/view.php?id=CVE-2022-1353
29 Apr 2022 — A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. Se encontró una vulnerabilidad en la función pfkey_register en el archivo net/key/af_key.c en el kernel de Linux. Este fallo permite a un usuario local no privilegiado acceder a la memoria del kernel, conllevando a un bloqueo del sistema o un filtrado de información in... • https://bugzilla.redhat.com/show_bug.cgi?id=2066819 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-1195
https://notcve.org/view.php?id=CVE-2022-1195
29 Apr 2022 — A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada en el kernel de Linux en drivers/net/hamradio. Este fallo permite a un atacante local con privilegio de usuario causar una denegación de servicio (DOS) cuando el dispositivo mkiss o sixp... • https://bugzilla.redhat.com/show_bug.cgi?id=2056381 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 2CVE-2022-29582
https://notcve.org/view.php?id=CVE-2022-29582
22 Apr 2022 — In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. En el kernel de Linux versiones anteriores a 5.17.3, el archivo fs/io_uring.c presenta un uso de memoria previamente liberada debido a una condición de carrera en la función io_uring timeouts. Esto puede ser desencadenado por un usuario local qu... • https://github.com/Ruia-ruia/CVE-2022-29582-Exploit • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 13CVE-2022-1015
https://notcve.org/view.php?id=CVE-2022-1015
21 Apr 2022 — A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. Se ha encontrado un fallo en el kernel de Linux en el archivo linux/net/netfilter/nf_tables_api.c del subsistema netfilter. Este fallo permite a un usuario local causar un problema de escritura fuera de límites • https://github.com/pqlx/CVE-2022-1015 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 2CVE-2022-1016 – kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM
https://notcve.org/view.php?id=CVE-2022-1016
21 Apr 2022 — A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. Se ha encontrado un fallo en el kernel de Linux en el archivo net/netfilter/nf_tables_core.c:nft_do_chain, que puede causar un uso de memoria previamente liberada. Este problema necesita manejar "return" con las precondiciones apropiada... • http://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016 • CWE-824: Access of Uninitialized Pointer CWE-909: Missing Initialization of Resource •
CVSS: 7.0EPSS: 0%CPEs: 26EXPL: 0CVE-2022-1048 – kernel: race condition in snd_pcm_hw_free leading to use-after-free
https://notcve.org/view.php?id=CVE-2022-1048
21 Apr 2022 — A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. Se ha encontrado un fallo de uso de memoria previamente liberada en el subsistema de sonido del kernel de Linux en la forma en que un usuario desencadena las llamadas concurrentes de PCM hw_params. ... • https://bugzilla.redhat.com/show_bug.cgi?id=2066706 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2022-28388 – kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c
https://notcve.org/view.php?id=CVE-2022-28388
03 Apr 2022 — usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. La función usb_8dev_start_xmit en el archivo drivers/net/can/usb/usb_8dev.c en el kernel de Linux versiones hasta 5.17.1, presenta una doble liberación A double-free flaw was found in the Linux kernel's USB2CAN interface implementation. This issue could allow a local user to crash the system. • https://github.com/torvalds/linux/commit/3d3925ff6433f98992685a9679613a2cc97f3ce2 • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2022-28389
https://notcve.org/view.php?id=CVE-2022-28389
03 Apr 2022 — mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. La función mcba_usb_start_xmit en el archivo drivers/net/can/usb/mcba_usb.c en el kernel de Linux versiones hasta 5.17.1, presenta una doble liberación • https://github.com/torvalds/linux/commit/04c9b00ba83594a29813d6b1fb8fdc93a3915174 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2022-28390 – kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c
https://notcve.org/view.php?id=CVE-2022-28390
03 Apr 2022 — ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. La función ems_usb_start_xmit en el archivo drivers/net/can/usb/ems_usb.c en el kernel de Linux versiones hasta 5.17.1, presenta una doble liberación A double-free flaw was found in the Linux kernel in the ems_usb_start_xmit function. This flaw allows an attacker to create a memory leak and corrupt the underlying data structure by calling free more than once. • https://github.com/torvalds/linux/commit/c70222752228a62135cee3409dccefd494a24646 • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-28356
https://notcve.org/view.php?id=CVE-2022-28356
02 Apr 2022 — In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. En el kernel de Linux versiones anteriores a 5.17.1, se encontró un bug de filtrado de refcount en el archivo net/llc/af_llc.c • http://www.openwall.com/lists/oss-security/2022/04/06/1 •