CVE-2020-36516 – kernel: off-path attacker may inject data or terminate victim's TCP session
https://notcve.org/view.php?id=CVE-2020-36516
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. Se ha detectado un problema en el kernel de Linux versiones hasta 5.16.11. El método de asignación de IPID mixto con la política de asignación de IPID basada en hash permite a un atacante fuera de la ruta inyectar datos en la sesión TCP de una víctima o terminar esa sesión. A TCP/IP packet spoofing attack flaw was found in the Linux kernel’s TCP/IP protocol, where a Man-in-the-Middle Attack (MITM) performs an IP fragmentation attack and an IPID collision. • https://dl.acm.org/doi/10.1145/3372297.3417884 https://security.netapp.com/advisory/ntap-20220331-0003 https://access.redhat.com/security/cve/CVE-2020-36516 https://bugzilla.redhat.com/show_bug.cgi?id=2059928 • CWE-290: Authentication Bypass by Spoofing CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2022-23308 – libxml2: Use-after-free of ID and IDREF attributes
https://notcve.org/view.php?id=CVE-2022-23308
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. El archivo valid.c en libxml2 versiones anteriores a 2.9.13, presenta un uso de memoria previamente liberada de los atributos ID e IDREF. A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XML_PARSE_DTDVALID option and without the XML_PARSE_NOENT option, resulting in a use-after-free issue. • http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/34 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/36 http://seclists.org/fulldisclosure/2022/May/37 http://seclists.org/fulldisclosure/2022/May/38 https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS https://lists.debian.org/debian-lts-announce/2022/04/msg00004. • CWE-416: Use After Free •
CVE-2022-0492 – kernel: cgroups v1 release_agent feature may allow privilege escalation
https://notcve.org/view.php?id=CVE-2022-0492
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. Se ha encontrado una vulnerabilidad en la función cgroup_release_agent_write en el archivo kernel/cgroup/cgroup-v1.c del kernel de Linux. Este fallo, bajo determinadas circunstancias, permite el uso de la función cgroups v1 release_agent para escalar privilegios y saltarse el aislamiento del espacio de nombres de forma no esperada • https://github.com/chenaotian/CVE-2022-0492 https://github.com/SofianeHamlaoui/CVE-2022-0492-Checker https://github.com/yoeelingBin/CVE-2022-0492-Container-Escape https://github.com/T1erno/CVE-2022-0492-Docker-Breakout-Checker-and-PoC https://github.com/bb33bb/CVE-2022-0492 http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html http://packetstormsecurity.com/files/17 • CWE-287: Improper Authentication CWE-862: Missing Authorization •
CVE-2022-25636 – kernel: heap out of bounds write in nf_dup_netdev.c
https://notcve.org/view.php?id=CVE-2022-25636
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. El archivo net/netfilter/nf_dup_netdev.c en el kernel de Linux versiones 5.4 hasta 5.6.10, permite a usuarios locales alcanzar privilegios debido a una escritura fuera de los límites de la pila. Esto está relacionado con nf_tables_offload An out-of-bounds (OOB) memory access flaw was found in nft_fwd_dup_netdev_offload in net/netfilter/nf_dup_netdev.c in the netfilter subcomponent in the Linux kernel due to a heap out-of-bounds write problem. This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat. • https://github.com/Bonfee/CVE-2022-25636 https://github.com/veritas501/CVE-2022-25636-PipeVersion https://github.com/chenaotian/CVE-2022-25636 http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html http://www.openwall.com/lists/oss-security/2022/02/22/1 https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=b1a5983f56e371046dcf164f90bfaf704d2b89f6 https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636 https://security • CWE-269: Improper Privilege Management CWE-787: Out-of-bounds Write •
CVE-2022-0646
https://notcve.org/view.php?id=CVE-2022-0646
A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5. Se encontró un fallo de uso de memoria previamente liberada en el subsistema del kernel de Linux Management Component Transport Protocol (MCTP) en la forma en que el usuario desencadena cancel_work_sync después de unregister_netdev durante la eliminación del dispositivo. Un usuario local podría usar este fallo para bloquear el sistema o escalar sus privilegios en el sistema. • https://lore.kernel.org/all/20220211011552.1861886-1-jk%40codeconstruct.com.au https://security.netapp.com/advisory/ntap-20220318-0006 • CWE-416: Use After Free CWE-459: Incomplete Cleanup •