CVE-2022-23238
https://notcve.org/view.php?id=CVE-2022-23238
Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content. Las implantaciones en Linux de StorageGRID (anteriormente conocido como StorageGRID Webscale) versiones 11.6.0 hasta 11.6.0.2 implantadas con una versión del kernel de Linux inferior a 4.7.0 son susceptibles de una vulnerabilidad que podría permitir a un atacante remoto no autenticado visualizar información de métricas limitada y modificar los destinatarios y el contenido de los correos electrónicos de alerta • https://security.netapp.com/advisory/NTAP-20220808-0001 •
CVE-2022-36123
https://notcve.org/view.php?id=CVE-2022-36123
The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges. El kernel de Linux versiones anteriores a 5.18.13, carece de una determinada operación de borrado para el símbolo de inicio de bloque (.bss). Esto permite a usuarios del SO huésped Xen PV causar una denegación de servicio o conseguir privilegios • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.13 https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-128.md https://github.com/torvalds/linux/commit/74a0032b8524ee2bd4443128c0bf9775928680b0 https://github.com/torvalds/linux/commit/96e8fc5818686d4a1591bb6907e7fdb64ef29884 https://security.netapp.com/advisory/ntap-20220901-0003 https://sick.codes/sick-2022-128 •
CVE-2022-0812
https://notcve.org/view.php?id=CVE-2022-0812
An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information. Se ha encontrado un fallo de filtrado de información en NFS sobre RDMA en el archivo net/sunrpc/xprtrdma/rpc_rdma.c en el Kernel de Linux. Este fallo permite a un atacante privilegiado de usuario normales filtrar información del kernel • https://access.redhat.com/security/cve/CVE-2022-0812 https://bugzilla.redhat.com/show_bug.cgi?id=2058361 https://bugzilla.redhat.com/show_bug.cgi?id=2058955 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=912288442cb2f431bf3c8cb097a5de83bc6dbac1 https://security.netapp.com/advisory/ntap-20230427-0011 https://ubuntu.com/security/CVE-2022-0812 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-1184 – kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image
https://notcve.org/view.php?id=CVE-2022-1184
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. Se ha detectado un fallo de uso de memoria previamente liberada en el archivo fs/ext4/namei.c:dx_insert_block() en el subcomponente del sistema de archivos del kernel de Linux. Este fallo permite a un atacante local con privilegios de usuario causar una denegación de servicio • https://access.redhat.com/security/cve/CVE-2022-1184 https://bugzilla.redhat.com/show_bug.cgi?id=2070205 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://ubuntu.com/security/CVE-2022-1184 https://www.debian.org/security/2022/dsa-5257 • CWE-416: Use After Free •
CVE-2022-36879 – kernel: xfrm_expand_policies() in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice
https://notcve.org/view.php?id=CVE-2022-36879
An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. Se ha detectado un problema en el kernel de Linux versiones hasta 5.18.14. la función xfrm_expand_policies en el archivo net/xfrm/xfrm_policy.c puede causar que un refcount sea descartado dos veces A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). An error while resolving policies in xfrm_bundle_lookup causes the refcount to drop twice, leading to a possible crash and a denial of service. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901 https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901 https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://security.netapp.com/advisory/ntap-20220901-0007 https://www.debian.org/security/2022/dsa-5207 https://access.redhat.com/security/cve/CVE-2022-36879 https://bugzilla.r • CWE-911: Improper Update of Reference Count •