CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39190 – kernel: nf_tables disallow binding to already bound chain
https://notcve.org/view.php?id=CVE-2022-39190
An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. Se ha detectado un problema en el archivo net/netfilter/nf_tables_api.c en el kernel de Linux versiones anteriores a 5.19.6. Puede producirse una denegación de servicio al vincularse a una cadena ya vinculada A flaw was found in net/netfilter/nf_tables_api.c in the Linux kernel. A denial of service can occur upon binding to an already bound chain. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.6 https://github.com/torvalds/linux/commit/e02f0d3970404bfea385b6edb86f2d936db0ea2b https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lore.kernel.org/all/20220824220330.64283-12-pablo%40netfilter.org https://twitter.com/pr0Ln https://access.redhat.com/security/cve/CVE-2022-39190 https://bugzilla.redhat.com/show_bug.cgi?id=2129152 • CWE-392: Missing Report of Error Condition •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3078
https://notcve.org/view.php?id=CVE-2022-3078
An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c. Se ha detectado un problema en el kernel de Linux versiones hasta 5.16-rc6. Se presenta una falta de comprobación después de llamar a vzalloc() y una falta de liberación después de la asignación en drivers/media/test-drivers/vidtv/vidtv_s302m.c • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=e6a21a14106d9718aa4f8e115b1e474888eeba44 • CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1508
https://notcve.org/view.php?id=CVE-2022-1508
An out-of-bounds read flaw was found in the Linux kernel’s io_uring module in the way a user triggers the io_read() function with some special parameters. This flaw allows a local user to read some memory out of bounds. Se ha encontrado un fallo de lectura fuera de límites en el módulo io_uring del kernel de Linux en la forma en que un usuario desencadena la función io_read() con algunos parámetros especiales. Este fallo permite a un usuario local leer alguna memoria fuera de límites • https://access.redhat.com/security/cve/CVE-2022-1508 https://bugzilla.redhat.com/show_bug.cgi?id=2075533 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89c2b3b74918200e46699338d7bcc19b1ea12110 https://ubuntu.com/security/CVE-2022-1508 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-2153 – kernel: KVM: NULL pointer dereference in kvm_irq_delivery_to_apic_fast()
https://notcve.org/view.php?id=CVE-2022-2153
A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. Se ha encontrado un fallo en el KVM del kernel de Linux cuando es intentado establecer una IRQ SynIC. Este problema hace posible a un VMM que sea comportado inapropiadamente escribir en las MSR de SYNIC/STIMER, causando una desreferencia de puntero NULL. • https://bugzilla.redhat.com/show_bug.cgi?id=2069736 https://github.com/torvalds/linux/commit/00b5f37189d24ac3ed46cb7f11742094778c46ce https://github.com/torvalds/linux/commit/7ec37d1cbe17d8189d9562178d8b29167fe1c31a https://github.com/torvalds/linux/commit/b1e34d325397a33d97d845e312d7cf2a8b646b44 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://www.openwall.com/lists/oss-security/2022/06/22/1 https://access.redhat.com/security& • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 2CVE-2022-0850 – kernel: information leak in copy_page_to_iter() in iov_iter.c
https://notcve.org/view.php?id=CVE-2022-0850
A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace. Se encontró una vulnerabilidad en el kernel de linux, donde es producido un filtrado de información por medio de la función ext4_extent_header al espacio de usuario An information leak flaw was found via ext4_extent_header in fs/ext4/extents.c in the Linux kernel. This flaw could allow a local attacker to cause a denial of service. • https://access.redhat.com/security/cve/CVE-2022-0850 https://bugzilla.redhat.com/show_bug.cgi?id=2060606 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ce3aba43599f0b50adbebff133df8d08a3d5fffe https://syzkaller.appspot.com/bug?id=78e9ad0e6952a3ca16e8234724b2fa92d041b9b8 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •