CVE-2022-3113
https://notcve.org/view.php?id=CVE-2022-3113
An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference. Se descubrió un problema en el kernel de Linux hasta 5.16-rc6. mtk_vcodec_fw_vpu_init en drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c carece de verificación del valor de retorno de devm_kzalloc() y provocará la desreferencia del puntero nulo. • https://bugzilla.redhat.com/show_bug.cgi?id=2153053 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=e25a89f743b18c029bfbe5e1663ae0c7190912b0 • CWE-476: NULL Pointer Dereference •
CVE-2022-3112
https://notcve.org/view.php?id=CVE-2022-3112
An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference. Se descubrió un problema en el kernel de Linux hasta 5.16-rc6. amvdec_set_canvases en drivers/staging/media/meson/vdec/vdec_helpers.c carece de verificación del valor de retorno de kzalloc() y provocará la desreferencia del puntero nulo. • https://bugzilla.redhat.com/show_bug.cgi?id=2153068 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=c8c80c996182239ff9b05eda4db50184cf3b2e99 • CWE-476: NULL Pointer Dereference •
CVE-2022-42328
https://notcve.org/view.php?id=CVE-2022-42328
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). Los invitados pueden provocar un punto muerto en Linux netback driver T. Este registro de información CNA se relaciona con múltiples CVE; el texto explica qué aspectos/vulnerabilidades corresponden a cada CVE.] • http://www.openwall.com/lists/oss-security/2022/12/08/2 http://www.openwall.com/lists/oss-security/2022/12/08/3 http://www.openwall.com/lists/oss-security/2022/12/09/2 https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://xenbits.xenproject.org/xsa/advisory-424.txt • CWE-667: Improper Locking •
CVE-2022-3643
https://notcve.org/view.php?id=CVE-2022-3643
Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. • http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html http://www.openwall.com/lists/oss-security/2022/12/07/2 https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://xenbits.xenproject.org/xsa/advisory-423.txt • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2022-42329
https://notcve.org/view.php?id=CVE-2022-42329
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). Los invitados pueden provocar un punto muerto en Linux netback driver T. Este registro de información CNA se relaciona con múltiples CVE; el texto explica qué aspectos/vulnerabilidades corresponden a cada CVE.] • http://www.openwall.com/lists/oss-security/2022/12/08/2 http://www.openwall.com/lists/oss-security/2022/12/08/3 http://www.openwall.com/lists/oss-security/2022/12/09/2 https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://xenbits.xenproject.org/xsa/advisory-424.txt • CWE-667: Improper Locking •