CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3543 – Linux Kernel BPF af_unix.c unix_release_sock memory leak
https://notcve.org/view.php?id=CVE-2022-3543
17 Oct 2022 — A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function unix_sock_destructor/unix_release_sock of the file net/unix/af_unix.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211043. • https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=7a62ed61367b8fd01bae1e18e30602c25060d824 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-3544 – Linux Kernel Netfilter sysfs.c damon_sysfs_add_target memory leak
https://notcve.org/view.php?id=CVE-2022-3544
17 Oct 2022 — A vulnerability, which was classified as problematic, was found in Linux Kernel. Affected is the function damon_sysfs_add_target of the file mm/damon/sysfs.c of the component Netfilter. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211044. • https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git/commit/?id=1c8e2349f2d033f634d046063b704b2ca6c46972 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.1EPSS: 0%CPEs: 16EXPL: 1CVE-2022-3564 – Linux Kernel Bluetooth l2cap_core.c l2cap_reassemble_sdu use after free
https://notcve.org/view.php?id=CVE-2022-3564
17 Oct 2022 — A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. • https://github.com/Trinadh465/linux-4.1.15_CVE-2022-3564 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-3565 – Linux Kernel Bluetooth l1oip_core.c del_timer use after free
https://notcve.org/view.php?id=CVE-2022-3565
17 Oct 2022 — A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088. • https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=2568a7e0832ee30b0a351016d03062ab4e0e0a3f • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free CWE-662: Improper Synchronization •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3541 – Linux Kernel BPF spl2sw_driver.c spl2sw_nvmem_get_mac_address use after free
https://notcve.org/view.php?id=CVE-2022-3541
17 Oct 2022 — A vulnerability classified as critical has been found in Linux Kernel. This affects the function spl2sw_nvmem_get_mac_address of the file drivers/net/ethernet/sunplus/spl2sw_driver.c of the component BPF. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211041 was assigned to this vulnerability. • https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=12aece8b01507a2d357a1861f470e83621fbb6f2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2022-42720 – kernel: use-after-free in bss_ref_get in net/wireless/scan.c
https://notcve.org/view.php?id=CVE-2022-42720
13 Oct 2022 — Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code. Varios errores de recuento en el manejo de multi-BSS en la pila mac80211 en el kernel de Linux versiones 5.1 hasta 5.19.14, podrían ser usados por atacantes locales (capaces de inyectar tramas WLAN) para desencadenar condiciones de uso de memoria previament... • http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 1CVE-2022-41674 – kernel: u8 overflow problem in cfg80211_update_notlisted_nontrans()
https://notcve.org/view.php?id=CVE-2022-41674
13 Oct 2022 — An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. Se ha detectado un problema en el kernel de Linux versiones hasta 5.19.11. Los atacantes capaces de inyectar tramas WLAN podrían causar un desbordamiento del búfer en la función ieee80211_bss_info_update en el archivo net/mac80211/scan.c A buffer overflow flaw was found in the u8 overflow in cfg80211_update_notlisted_... • http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2022-42719 – Ubuntu Security Notice USN-5728-3
https://notcve.org/view.php?id=CVE-2022-42719
13 Oct 2022 — A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. Un uso de memoria previamente liberada en la pila mac80211 cuando ea analizado un elemento multi-BSSID en el kernel de Linux versiones 5.2 hasta 5.19.14, podría ser usado por atacantes (capaces de inyectar tramas WLAN) para bloquear el kernel y potencialmente ejecutar código Ja... • http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html • CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 1CVE-2022-3303 – Ubuntu Security Notice USN-6014-1
https://notcve.org/view.php?id=CVE-2022-3303
27 Sep 2022 — A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition Se ha encontrado un fallo de condición de carrera en el subsistema de sonido del kernel de Linux debido a un bloqueo inapropiado. Podría conllevar a una desreferencia de puntero NULL mientr... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8423f0b6d513b259fdab9c9bf4aaa6188d054c2d • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3103
https://notcve.org/view.php?id=CVE-2022-3103
26 Sep 2022 — off-by-one in io_uring module. Una vulnerabilidad de tipo off-by-one en el módulo io_uring. • https://github.com/torvalds/linux/releases/tag/v6.0-rc3 • CWE-193: Off-by-one Error •