CVE-2021-4037 – kernel: security regression for CVE-2018-13405
https://notcve.org/view.php?id=CVE-2021-4037
A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS. Se ha encontrado una vulnerabilidad en la lógica de la función fs/inode.c:inode_init_owner() del kernel de LInux que permite a usuarios locales crear archivos para el sistema de archivos XFS con una propiedad de grupo no deseada y con los bits de permiso de ejecución de grupo y SGID establecidos, en un escenario en el que un directorio es SGID y pertenece a un determinado grupo y es escribible por un usuario que no es miembro de este grupo. Esto puede conllevar a una concesión de excesivos permisos cuando no deberían concederse. • https://access.redhat.com/security/cve/CVE-2021-4037 https://bugzilla.redhat.com/show_bug.cgi?id=2004810 https://bugzilla.redhat.com/show_bug.cgi?id=2027239 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=01ea173e103e https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://www.debian.org/security/2022/dsa-5257 • CWE-284: Improper Access Control •
CVE-2022-29968
https://notcve.org/view.php?id=CVE-2022-29968
An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. Se ha detectado un problema en el kernel de Linux versiones hasta 5.17.5. La función io_rw_init_file en el archivo fs/io_uring.c carece de la inicialización de kiocb-)private • https://github.com/jprx/CVE-2022-29968 https://github.com/torvalds/linux/commit/32452a3eb8b64e01e2be717f518c0be046975b9d https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU7MT7BPTA2NG24BTLZF5ZWYTLSO7BU3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TLWTG3TWIMLNQEVTA3ZQYVLLU2AJM3DY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XA7UZ3HS73KXVYCIKN5ZDH7LLLGPUMOZ https://security.netapp.com/advisory/ntap-20220715-0009 • CWE-909: Missing Initialization of Resource •
CVE-2022-1353 – kernel: kernel info leak issue in pfkey_register
https://notcve.org/view.php?id=CVE-2022-1353
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. Se encontró una vulnerabilidad en la función pfkey_register en el archivo net/key/af_key.c en el kernel de Linux. Este fallo permite a un usuario local no privilegiado acceder a la memoria del kernel, conllevando a un bloqueo del sistema o un filtrado de información interna del kernel • https://bugzilla.redhat.com/show_bug.cgi?id=2066819 https://github.com/torvalds/linux/commit/9a564bccb78a76740ea9d75a259942df8143d02c https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://security.netapp.com/advisory/ntap-20220629-0001 https://www.debian.org/security/2022/dsa-5127 https://www.debian.org/security/2022/dsa-5173 https://access.redhat.com/security/cve/CVE-2022-1353 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVE-2022-1195
https://notcve.org/view.php?id=CVE-2022-1195
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada en el kernel de Linux en drivers/net/hamradio. Este fallo permite a un atacante local con privilegio de usuario causar una denegación de servicio (DOS) cuando el dispositivo mkiss o sixpack es desprendido y reclama recursos antes de tiempo • https://bugzilla.redhat.com/show_bug.cgi?id=2056381 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b9111922b1f399aba6ed1e1b8f2079c3da1aed8 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e0588c291d6ce225f2b891753ca41d45ba42469 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=81b1d548d00bcd028303c4f3150fa753b9b8aa71 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/? • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2022-29582
https://notcve.org/view.php?id=CVE-2022-29582
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. En el kernel de Linux versiones anteriores a 5.17.3, el archivo fs/io_uring.c presenta un uso de memoria previamente liberada debido a una condición de carrera en la función io_uring timeouts. Esto puede ser desencadenado por un usuario local que no tenga acceso a ningún espacio de nombres de usuario; sin embargo, la condición de carrera quizás sólo pueda ser explotada con poca frecuencia • https://github.com/Ruia-ruia/CVE-2022-29582-Exploit http://www.openwall.com/lists/oss-security/2022/04/22/4 http://www.openwall.com/lists/oss-security/2022/08/08/3 http://www.openwall.com/lists/oss-security/2024/04/24/3 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.3 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e677edbcabee849bfdd43f1602bccbecf736a646 https://github.com/torvalds/linux/commit/e677edbcabee849bfdd43f1602bccbecf736a646 https • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •