CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2022-0516 – kernel: missing check in ioctl allows kernel memory read/write
https://notcve.org/view.php?id=CVE-2022-0516
A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4. Se encontró una vulnerabilidad en la función kvm_s390_guest_sida_op en el archivo arch/s390/kvm/kvm-s390.c en KVM para s390 en el kernel de Linux. Este fallo permite a un atacante local con un privilegio de usuario normal obtener un acceso de escritura en memoria no autorizado. • https://bugzilla.redhat.com/show_bug.cgi?id=2050237 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=09a93c1df3eafa43bcdfd7bf837c574911f12f55 https://security.netapp.com/advisory/ntap-20220331-0009 https://www.debian.org/security/2022/dsa-5092 https://access.redhat.com/security/cve/CVE-2022-0516 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.8EPSS: 12%CPEs: 59EXPL: 31CVE-2022-0847 – Linux Kernel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. Se ha encontrado un fallo en la forma en que el miembro "flags" de la estructura del nuevo búfer de la tubería carecía de la inicialización apropiada en las funciones copy_page_to_iter_pipe y push_pipe en el kernel de Linux y, por tanto, podía contener valores obsoletos. Un usuario local no privilegiado podía usar este fallo para escribir en páginas de la caché de páginas respaldadas por archivos de sólo lectura y así escalar sus privilegios en el sistema Linux versions 4.20 and above have an issue where ktls writes into spliced readonly pages. Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. • https://www.exploit-db.com/exploits/50808 https://github.com/Arinerron/CVE-2022-0847-DirtyPipe-Exploit https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits https://github.com/r1is/CVE-2022-0847 https://github.com/bbaranoff/CVE-2022-0847 https://github.com/Al1ex/CVE-2022-0847 https://github.com/antx-code/CVE-2022-0847 https://github.com/basharkey/CVE-2022-0847-dirty-pipe-checker https://github.com/knqyf263/CVE-2022-0847 https://github.com/chenaotian/CVE-2022- • CWE-665: Improper Initialization CWE-909: Missing Initialization of Resource •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2022-26490
https://notcve.org/view.php?id=CVE-2022-26490
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. La función st21nfca_connectivity_event_received en el archivo drivers/nfc/st21nfca/se.c en el kernel de Linux hasta la versión 5.16.12, presenta desbordamientos de búfer EVT_TRANSACTION debido a parámetros de longitud no confiables • https://github.com/torvalds/linux/commit/4fbcc1a4cb20fe26ad0225679c536c80f1648221 https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BG4J46EMFPDD5QHYXDUI3PJCZQ7HQAZR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C5AUUDGSDLGYU7SZSK4PFAN22NISQZBT https://security.netapp.com/advisory/ntap-20220429-0004 https://www.debian.org/security/2022/dsa-5127 https://www.debian.org/security/20 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 1CVE-2021-3999 – glibc: Off-by-one buffer overflow/underflow in getcwd()
https://notcve.org/view.php?id=CVE-2021-3999
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. Se ha encontrado un fallo en glibc. Un desbordamiento y subdesbordamiento de búfer en la función getcwd() puede conllevar a una corrupción de memoria cuando el tamaño del búfer es exactamente 1. • https://access.redhat.com/security/cve/CVE-2021-3999 https://bugzilla.redhat.com/show_bug.cgi?id=2024637 https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html https://security-tracker.debian.org/tracker/CVE-2021-3999 https://security.netapp.com/advisory/ntap-20221104-0001 https://sourceware.org/bugzilla/show_bug.cgi?id=28769 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e https://www.openwall.com/lists/oss-security/2022/01/24/4 • CWE-193: Off-by-one Error •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-3998
https://notcve.org/view.php?id=CVE-2021-3998
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. Se ha encontrado un fallo en glibc. La función realpath() puede devolver por error un valor no esperado, conllevando potencialmente a un filtrado de información y una divulgación de datos confidenciales. • https://access.redhat.com/security/cve/CVE-2021-3998 https://bugzilla.redhat.com/show_bug.cgi?id=2024633 https://security-tracker.debian.org/tracker/CVE-2021-3998 https://security.netapp.com/advisory/ntap-20221020-0003 https://sourceware.org/bugzilla/show_bug.cgi?id=28770 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=84d2d0fe20bdf94feed82b21b4d7d136db471f03 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ee8d5e33adb284601c00c94687bc907e10aec9bb https://www.openwall.com/lists/oss-security/2022 • CWE-125: Out-of-bounds Read CWE-252: Unchecked Return Value •