CVSS: 7.4EPSS: 0%CPEs: 14EXPL: 0CVE-2022-1729 – kernel: race condition in perf_event_open leads to privilege escalation
https://notcve.org/view.php?id=CVE-2022-1729
A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. Se ha encontrado una condición de carrera en el kernel de Linux en la función perf_event_open() que puede ser explotada por un usuario no privilegiado para conseguir privilegios de root. El bug permite construir varias primitivas de explotación como un filtrado de información de direcciones del kernel, una ejecución arbitraria, etc A use-after-free flaw was found in the Linux kernel’s performance events functionality. A user triggers a race condition in setting up performance monitoring between the leading PERF_TYPE_TRACEPOINT and sub PERF_EVENT_HARDWARE plus the PERF_EVENT_SOFTWARE using the perf_event_open() function with these three types. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3ac6487e584a1eb54071dbe1212e05b884136704 https://security.netapp.com/advisory/ntap-20230214-0006 https://www.openwall.com/lists/oss-security/2022/05/20/2 https://access.redhat.com/security/cve/CVE-2022-1729 https://bugzilla.redhat.com/show_bug.cgi?id=2086753 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-366: Race Condition within a Thread •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2022-28390 – kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c
https://notcve.org/view.php?id=CVE-2022-28390
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. La función ems_usb_start_xmit en el archivo drivers/net/can/usb/ems_usb.c en el kernel de Linux versiones hasta 5.17.1, presenta una doble liberación A double-free flaw was found in the Linux kernel in the ems_usb_start_xmit function. This flaw allows an attacker to create a memory leak and corrupt the underlying data structure by calling free more than once. • https://github.com/torvalds/linux/commit/c70222752228a62135cee3409dccefd494a24646 https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT https://security.netapp.com/advis • CWE-415: Double Free •
CVSS: 7.4EPSS: 0%CPEs: 35EXPL: 0CVE-2021-20322 – kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies
https://notcve.org/view.php?id=CVE-2021-20322
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Se encontró un fallo en el procesamiento de los errores ICMP recibidos (fragmento ICMP necesario y redireccionamiento ICMP) en la funcionalidad del kernel de Linux que permite la capacidad de escanear rápidamente los puertos UDP abiertos. Este fallo permite a un usuario remoto fuera de la ruta de acceso omitir efectivamente la aleatorización del puerto de origen UDP. • https://bugzilla.redhat.com/show_bug.cgi?id=2014230 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=4785305c05b25a242e5314cc821f54ade4c18810 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=6457378fe796815c973f631a1904e147d6ee33b1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6&id=67d6d681e15b578c1725bad8ad079e05d1c48a8e https://git.kernel.org/pub/scm/linux/ke • CWE-330: Use of Insufficiently Random Values •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 2CVE-2021-4154 – kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout
https://notcve.org/view.php?id=CVE-2021-4154
A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system. Se encontró un defecto de uso de memoria previamente liberada en la función cgroup1_parse_param en el archivo kernel/cgroup/cgroup-v1.c en el analizador cgroup v1 del kernel de Linux. Un atacante local con un privilegio de usuario podría causar una escalada de privilegios al explotar el parámetro de syscall fsconfig, conllevando a una ruptura del contenedor y una denegación de servicio en el sistema • https://github.com/Markakd/CVE-2021-4154 https://github.com/veritas501/CVE-2021-4154 https://bugzilla.redhat.com/show_bug.cgi?id=2034514 https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-002 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b https://security.netapp.com/advisory/ntap-20220225-0004 https://access.redhat.com/security/cve/CVE-2021-4154 • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: 11EXPL: 1CVE-2021-46143 – expat: Integer overflow in doProlog in xmlparse.c
https://notcve.org/view.php?id=CVE-2021-46143
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. En la función doProlog en el archivo xmlparse.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, se presenta un desbordamiento de enteros para m_groupSize. expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity. • http://www.openwall.com/lists/oss-security/2022/01/17/3 https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/issues/532 https://github.com/libexpat/libexpat/pull/538 https://security.gentoo.org/glsa/202209-24 https://security.netapp.com/advisory/ntap-20220121-0006 https://www.debian.org/security/2022/dsa-5073 https://www.tenable.com/security/tns-2022-05 https://access.redhat.com/security/cve/CVE-2021-46143 https://bu • CWE-190: Integer Overflow or Wraparound •