CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4127
https://notcve.org/view.php?id=CVE-2022-4127
A NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_alloc. A local user could use this flaw to potentially crash the system causing a denial of service. Se descubrió un problema de desreferencia de puntero NULL en el kernel de Linux en io_files_update_with_index_alloc. Un usuario local podría utilizar esta falla para bloquear potencialmente el sistema y provocar una Denegación de Servicio (DoS). • https://github.com/torvalds/linux/commit/d785a773bed966a75ca1f11d108ae1897189975b https://lore.kernel.org/all/d5a19c1e-9968-e22e-5917-c3139c5e7e89%40kernel.dk • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0CVE-2022-45919 – kernel: use-after-free due to race condition occurring in dvb_ca_en50221.c
https://notcve.org/view.php?id=CVE-2022-45919
An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.10. En drivers/media/dvb-core/dvb_ca_en50221.c, puede ocurrir un use-after-free si hay una desconexión después de una apertura, debido a la falta de un wait_event. A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the DVB CA EN50221 interface of the DVB core device driver. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=280a8ab81733da8bc442253c700a52c4c0886ffd https://lore.kernel.org/linux-media/20221121063308.GA33821%40ubuntu/T/#u https://security.netapp.com/advisory/ntap-20230113-0008 https://access.redhat.com/security/cve/CVE-2022-45919 https://bugzilla.redhat.com/show_bug.cgi?id=2151956 • CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 11EXPL: 0CVE-2022-45887 – kernel: memory leak in ttusb_dec_exit_dvb() in media/usb/ttusb-dec/ttusb_dec.c
https://notcve.org/view.php?id=CVE-2022-45887
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c tiene una pérdida de memoria debido a la falta de una llamada dvb_frontend_detach. A memory leak issue was found in the Linux kernel media subsystem in the TTUSB DEC driver. It could occur in the ttusb_dec_exit_dvb() function because of the lack of a dvb_frontend_detach call. A local user could trigger this flaw by repeatedly plugging and unplugging the device, potentially causing a denial of service condition. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=517a281338322ff8293f988771c98aaa7205e457 https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com https://lore.kernel.org/linux-media/20221115131822.6640-5-imv4bel%40gmail.com https://security.netapp.com/advisory/ntap-20230113-0006 https://access.redhat.com/security/cve/CVE-2022-45887 https://bugzilla.redhat.com/show_bug.cgi?id=2148520 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.0EPSS: 0%CPEs: 16EXPL: 0CVE-2022-45886 – kernel: use-after-free due to race condition occurring in dvb_net.c
https://notcve.org/view.php?id=CVE-2022-45886
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.9. drivers/media/dvb-core/dvb_net.c tiene una condición de carrera .disconnect versus dvb_device_open que conduce a un use-after-free. A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the dvb_net component of the DVB core device driver. It could occur between the time the device is disconnected (.disconnect function) and the time the device node is opened (dvb_device_open function). A local user could use this flaw to crash the system or potentially escalate their privileges on the system. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4172385b0c9ac366dcab78eda48c26814b87ed1a https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com https://lore.kernel.org/linux-media/20221115131822.6640-3-imv4bel%40gmail.com https://security.netapp.com/advisory/ntap-20230113-0006 https://access.redhat.com/security/cve/CVE-2022-45886 https://bugzilla.redhat.com/show_bug.cgi?id=2148517 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 11EXPL: 0CVE-2022-45884 – kernel: use-after-free due to race condition occurring in dvb_register_device()
https://notcve.org/view.php?id=CVE-2022-45884
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.9. drivers/media/dvb-core/dvbdev.c tiene un use-after-free, relacionado con dvb_register_device que asigna dinámicamente fops. A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the DVB core device driver. It could occur in the dvb_register_device() function due to the file_operations structure (fops) being dynamically allocated and later kfreed. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3 https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com https://security.netapp.com/advisory/ntap-20230113-0006 https://access.redhat.com/security/cve/CVE-2022-45884 https://bugzilla.redhat.com/show_bug.cgi?id=2148510 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •