CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-24448 – kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR
https://notcve.org/view.php?id=CVE-2022-24448
An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. Se ha detectado un problema en el archivo fs/nfs/dir.c en el kernel de Linux versiones anteriores a 5.16.5. Si una aplicación establece la bandera O_DIRECTORY, y trata de abrir un archivo regular, la función nfs_atomic_open() lleva a cabo una búsqueda regular. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac795161c93699d600db16c1a8cc23a65a1eceaf https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://lore.kernel.org/all/67d6a536-9027&# • CWE-755: Improper Handling of Exceptional Conditions CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-0264
https://notcve.org/view.php?id=CVE-2022-0264
A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. This flaws affects kernel versions < v5.16-rc6 Se encontró una vulnerabilidad en el verificador eBPF del kernel de Linux cuando son manejados estructuras de datos internas. Las ubicaciones de memoria interna podían ser devueltas al espacio de usuario. • https://bugzilla.redhat.com/show_bug.cgi?id=2041547 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.4EPSS: 0%CPEs: 35EXPL: 0CVE-2021-20322 – kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies
https://notcve.org/view.php?id=CVE-2021-20322
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Se encontró un fallo en el procesamiento de los errores ICMP recibidos (fragmento ICMP necesario y redireccionamiento ICMP) en la funcionalidad del kernel de Linux que permite la capacidad de escanear rápidamente los puertos UDP abiertos. Este fallo permite a un usuario remoto fuera de la ruta de acceso omitir efectivamente la aleatorización del puerto de origen UDP. • https://bugzilla.redhat.com/show_bug.cgi?id=2014230 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=4785305c05b25a242e5314cc821f54ade4c18810 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=6457378fe796815c973f631a1904e147d6ee33b1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6&id=67d6d681e15b578c1725bad8ad079e05d1c48a8e https://git.kernel.org/pub/scm/linux/ke • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.0EPSS: 0%CPEs: 31EXPL: 1CVE-2021-3640 – kernel: use-after-free vulnerability in function sco_sock_sendmsg()
https://notcve.org/view.php?id=CVE-2021-3640
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. Se encontró un fallo de uso de memoria previamente liberada en la función sco_sock_sendmsg() del subsistema HCI del kernel de Linux en la forma en que el usuario llama a ioct UFFDIO_REGISTER o de otra manera desencadena una condición de carrera de la llamada sco_conn_del() junto con la llamada sco_sock_sendmsg() con la página de memoria de fallo controlable esperada. Un usuario local privilegiado podría usar este fallo para bloquear el sistema o escalar sus privilegios en el sistema • https://bugzilla.redhat.com/show_bug.cgi?id=1980646 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/bluetooth/sco.c?h=v5.16&id=99c23da0eed4fd20cae8243f2b51e10e66aa0951 https://github.com/torvalds/linux/commit/99c23da0eed4fd20cae8243f2b51e10e66aa0951 https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://security.netapp.com/advisory/ntap-20220419-0003 https://ubuntu.com/security/CVE-2021- • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 4.9EPSS: 0%CPEs: 8EXPL: 2CVE-2021-4032
https://notcve.org/view.php?id=CVE-2021-4032
A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happens during VCPU construction, which allows an attacker with special user privilege to cause a denial of service. This flaw affects kernel versions prior to 5.15 rc7. Se ha encontrado una vulnerabilidad en el subsistema KVM del kernel de Linux en el archivo arch/x86/kvm/lapic.c kvm_free_lapic cuando es detectado una asignación de fallos. En este fallo, el subsistema KVM puede bloquear el kernel debido a un manejo inapropiado de los errores de memoria que se producen durante la construcción de la VCPU, lo que permite a un atacante con privilegios especiales de usuario causar una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=2027403 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7d8a19f9a056a05c5c509fa65af472a322abfee https://lkml.org/lkml/2021/9/8/587 • CWE-459: Incomplete Cleanup •