CVE-2021-3659 – kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c
https://notcve.org/view.php?id=CVE-2021-3659
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo de desreferencia de puntero NULL en el subsistema de red inalámbrica IEEE versión 802.15.4 del kernel de Linux en la forma en que el usuario cierra la conexión LR-WPAN. Este fallo permite a un usuario local bloquear el sistema. • https://access.redhat.com/security/cve/CVE-2021-3659 https://bugzilla.redhat.com/show_bug.cgi?id=1975949 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1165affd484889d4986cf3b724318935a0b120d8 • CWE-252: Unchecked Return Value CWE-476: NULL Pointer Dereference •
CVE-2021-3669 – kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts
https://notcve.org/view.php?id=CVE-2021-3669
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. Se ha encontrado un fallo en el kernel de Linux. La medición del uso de la memoria compartida no escala con grandes recuentos de segmentos de memoria compartida, lo que podría conllevar a el agotamiento de recursos y el DoS. • https://access.redhat.com/security/cve/CVE-2021-3669 https://bugzilla.redhat.com/show_bug.cgi?id=1980619 https://bugzilla.redhat.com/show_bug.cgi?id=1986473 https://security-tracker.debian.org/tracker/CVE-2021-3669 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2022-1011 – kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes
https://notcve.org/view.php?id=CVE-2022-1011
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. Se ha encontrado un fallo de uso después de libre en el sistema de archivos FUSE del kernel de Linux en la forma en que un usuario activa write(). Este defecto permite a un usuario local obtener acceso no autorizado a los datos del sistema de archivos FUSE, lo que resulta en una escalada de privilegios Linux suffers from a vulnerability where FUSE allows use-after-free reads of write() buffers, allowing theft of (partial) /etc/shadow hashes. • https://github.com/xkaneiki/CVE-2022-1011 https://bugzilla.redhat.com/show_bug.cgi?id=2064855 https://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse.git/commit/?h=for-next https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://www.debian.org/security/2022/dsa-5173 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-1011 • CWE-416: Use After Free •
CVE-2022-0847 – Linux Kernel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. Se ha encontrado un fallo en la forma en que el miembro "flags" de la estructura del nuevo búfer de la tubería carecía de la inicialización apropiada en las funciones copy_page_to_iter_pipe y push_pipe en el kernel de Linux y, por tanto, podía contener valores obsoletos. Un usuario local no privilegiado podía usar este fallo para escribir en páginas de la caché de páginas respaldadas por archivos de sólo lectura y así escalar sus privilegios en el sistema Linux versions 4.20 and above have an issue where ktls writes into spliced readonly pages. Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. • https://www.exploit-db.com/exploits/50808 https://github.com/Arinerron/CVE-2022-0847-DirtyPipe-Exploit https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits https://github.com/r1is/CVE-2022-0847 https://github.com/bbaranoff/CVE-2022-0847 https://github.com/Al1ex/CVE-2022-0847 https://github.com/antx-code/CVE-2022-0847 https://github.com/basharkey/CVE-2022-0847-dirty-pipe-checker https://github.com/knqyf263/CVE-2022-0847 https://github.com/chenaotian/CVE-2022- • CWE-665: Improper Initialization CWE-909: Missing Initialization of Resource •
CVE-2022-0435 – kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
https://notcve.org/view.php?id=CVE-2022-0435
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. Se ha encontrado un fallo de desbordamiento de pila en la funcionalidad del protocolo TIPC del kernel de Linux en la forma en que un usuario envía un paquete con contenido malicioso cuando el número de nodos miembros del dominio es superior a los 64 permitidos. Este fallo permite a un usuario remoto bloquear el sistema o posiblemente escalar sus privilegios si presenta acceso a la red TIPC A stack overflow flaw was found in the Linux kernel’s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. • https://github.com/wlswotmd/CVE-2022-0435 https://bugzilla.redhat.com/show_bug.cgi?id=2048738 https://security.netapp.com/advisory/ntap-20220602-0001 https://www.openwall.com/lists/oss-security/2022/02/10/1 https://access.redhat.com/security/cve/CVE-2022-0435 • CWE-787: Out-of-bounds Write •