CVE-2022-39842
https://notcve.org/view.php?id=CVE-2022-39842
An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. NOTE: the original discoverer disputes that the overflow can actually happen. Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.19. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19 https://github.com/torvalds/linux/commit/a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lore.kernel.org/all/YylaC1wHHyLw22D3%40kadam/T https://www.debian.org/security/2022/dsa-5257 • CWE-190: Integer Overflow or Wraparound •
CVE-2022-39188 – kernel: unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry
https://notcve.org/view.php?id=CVE-2022-39188
An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. Se ha detectado un problema en el archivo include/asm-generic/tlb.h en el kernel de Linux versiones anteriores a 5.19. Debido a una condición de carrera (unmap_mapping_range frente a munmap), un controlador de dispositivo puede liberar una página mientras todavía presenta entradas de TLB antiguas. • https://bugs.chromium.org/p/project-zero/issues/detail?id=2329 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b67fbebd4cf980aecbcc750e1462128bffe8ae15 https://github.com/torvalds/linux/commit/b67fbebd4cf980aecbcc750e1462128bffe8ae15 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lore.kernel.org/stable/CAG48ez3SEqOPcPCYGHVZv4iq • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2022-39190 – kernel: nf_tables disallow binding to already bound chain
https://notcve.org/view.php?id=CVE-2022-39190
An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. Se ha detectado un problema en el archivo net/netfilter/nf_tables_api.c en el kernel de Linux versiones anteriores a 5.19.6. Puede producirse una denegación de servicio al vincularse a una cadena ya vinculada A flaw was found in net/netfilter/nf_tables_api.c in the Linux kernel. A denial of service can occur upon binding to an already bound chain. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.6 https://github.com/torvalds/linux/commit/e02f0d3970404bfea385b6edb86f2d936db0ea2b https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lore.kernel.org/all/20220824220330.64283-12-pablo%40netfilter.org https://twitter.com/pr0Ln https://access.redhat.com/security/cve/CVE-2022-39190 https://bugzilla.redhat.com/show_bug.cgi?id=2129152 • CWE-392: Missing Report of Error Condition •
CVE-2022-3078
https://notcve.org/view.php?id=CVE-2022-3078
An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c. Se ha detectado un problema en el kernel de Linux versiones hasta 5.16-rc6. Se presenta una falta de comprobación después de llamar a vzalloc() y una falta de liberación después de la asignación en drivers/media/test-drivers/vidtv/vidtv_s302m.c • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=e6a21a14106d9718aa4f8e115b1e474888eeba44 • CWE-476: NULL Pointer Dereference •
CVE-2022-1508
https://notcve.org/view.php?id=CVE-2022-1508
An out-of-bounds read flaw was found in the Linux kernel’s io_uring module in the way a user triggers the io_read() function with some special parameters. This flaw allows a local user to read some memory out of bounds. Se ha encontrado un fallo de lectura fuera de límites en el módulo io_uring del kernel de Linux en la forma en que un usuario desencadena la función io_read() con algunos parámetros especiales. Este fallo permite a un usuario local leer alguna memoria fuera de límites • https://access.redhat.com/security/cve/CVE-2022-1508 https://bugzilla.redhat.com/show_bug.cgi?id=2075533 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89c2b3b74918200e46699338d7bcc19b1ea12110 https://ubuntu.com/security/CVE-2022-1508 • CWE-125: Out-of-bounds Read •