CVE-2022-32981
https://notcve.org/view.php?id=CVE-2022-32981
An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. Se ha detectado un problema en el kernel de Linux versiones hasta 5.18.3, en plataformas powerpc de 32 bits. Se presenta un desbordamiento de búfer en ptrace PEEKUSER y POKEUSER (también conocidos como PEEKUSR y POKEUSR) cuando es accedido a los registros de punto flotante • http://www.openwall.com/lists/oss-security/2022/06/14/3 https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id=8e1278444446fc97778a5e5c99bca1ce0bbc5ec9 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2022-1012 – kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak
https://notcve.org/view.php?id=CVE-2022-1012
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. Se ha encontrado un problema de pérdida de memoria en el algoritmo de generación de puertos de origen TCP en el archivo net/ipv4/tcp.c debido al pequeño tamaño de la tabla de perturbación. Este fallo puede permitir a un atacante un filtrado de información y puede causar un problema de denegación de servicio The Linux kernel's TCP source port generation algorithm in the TCP stack contains a flaw due to the small table perturb size. This flaw allows an attacker to positively distinguish a system among devices with identical hardware and software, which lasts until the device restarts. An attacker can guess the evolution of the internal state used for source port generation. • https://bugzilla.redhat.com/show_bug.cgi?id=2064604 https://lore.kernel.org/lkml/20220427065233.2075-1-w%401wt.eu/T https://security.netapp.com/advisory/ntap-20221020-0006 https://access.redhat.com/security/cve/CVE-2022-1012 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2022-1263 – kernel: KVM: NULL pointer dereference in kvm_dirty_ring_push in virt/kvm/dirty_ring.c
https://notcve.org/view.php?id=CVE-2022-1263
A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. Se encontró un problema de desreferencia de puntero NULL en KVM cuando es liberada una vCPU con el soporte de anillo sucio habilitado. Este fallo permite a un atacante local no privilegiado en el host emitir llamadas ioctl específicas, causando una condición de oops en el kernel que resulta en una denegación de servicio • https://access.redhat.com/security/cve/CVE-2022-1263 https://bugzilla.redhat.com/show_bug.cgi?id=2072698 https://github.com/torvalds/linux/commit/5593473a1e6c743764b08e3b6071cb43b5cfa6c4 https://www.openwall.com/lists/oss-security/2022/04/07/1 • CWE-476: NULL Pointer Dereference •
CVE-2022-32296
https://notcve.org/view.php?id=CVE-2022-32296
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056. El kernel de Linux anterior a la versión 5.17.9 permite a los servidores TCP identificar a los clientes observando qué puertos de origen se utilizan. Esto ocurre debido al uso del Algoritmo 4 ("Double-Hash Port Selection Algorithm") del RFC 6056 • https://arxiv.org/abs/2209.12993 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.9 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5 https://github.com/0xkol/rfc6056-device-tracker https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://www.debian.org/security/2022/dsa-5173 • CWE-330: Use of Insufficiently Random Values •
CVE-2022-1789 – kernel: KVM: NULL pointer dereference in kvm_mmu_invpcid_gva
https://notcve.org/view.php?id=CVE-2022-1789
With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference. Con shadow paging habilitada, la instrucción INVPCID resulta en una llamada a kvm_mmu_invpcid_gva. Si INVPCID es ejecutado con CR0.PG=0, la llamada de retorno invlpg no es establecida y el resultado es una desreferencia de puntero NULL A flaw was found in KVM. With shadow paging enabled if INVPCID is executed with CR0.PG=0, the invlpg callback is not set, and the result is a NULL pointer dereference. • https://bugzilla.redhat.com/show_bug.cgi?id=1832397 https://francozappa.github.io/about-bias https://kb.cert.org/vuls/id/647177 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6JP355XFVAB33X4BNO3ERVTURFYEDB7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBUOQTNTQ4ZCXHOCNKYIL2ZUIAZ675RD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KCEAPIVPRTJHKPF2A2HVF5XHD5XJT3MN https://www.debian.org/security • CWE-476: NULL Pointer Dereference •