CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4696
https://notcve.org/view.php?id=CVE-2022-4696
11 Jan 2023 — There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerabi... • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=75454b4bbfc7e6a4dd8338556f36ea9107ddf61a • CWE-416: Use After Free CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-4379 – kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack
https://notcve.org/view.php?id=CVE-2022-4379
10 Jan 2023 — A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial of service. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75333d48f92256a0dec91dbf07835e804fc411c0 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-4095
https://notcve.org/view.php?id=CVE-2022-4095
09 Jan 2023 — A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c53b3dcb9942b8ed7f81ee3921c4085d87070c73 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2196 – Speculative execution attacks in KVM VMX
https://notcve.org/view.php?id=CVE-2022-2196
09 Jan 2023 — A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a A flaw was found in the KVM's Intel nested virtualization feature (nVMX). Since L1... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2e7eab81425ad6c875f2ed47c0ce01e78afc38a5 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-4378 – kernel: stack overflow in do_proc_dointvec and proc_skip_spaces
https://notcve.org/view.php?id=CVE-2022-4378
05 Jan 2023 — A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. • http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html • CWE-131: Incorrect Calculation of Buffer Size CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47940
https://notcve.org/view.php?id=CVE-2022-47940
23 Dec 2022 — An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write. • http://www.openwall.com/lists/oss-security/2022/12/23/10 • CWE-125: Out-of-bounds Read •
CVSS: 9.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-47943 – Linux Kernel ksmbd Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-47943
23 Dec 2022 — An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case. Se descubrió un problema en ksmbd en el kernel de Linux 5.15 a 5.19 anterior a 5.19.2. Hay una lectura fuera de los límites y OOPS para SMB2_WRITE, cuando hay una longitud grande en el caso de DataOffset cero. This vulnerability allows remote attackers to disclose sensitive information on affected installations... • http://www.openwall.com/lists/oss-security/2022/12/23/10 • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47938 – Linux Kernel ksmbd Out-Of-Bounds Read Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-47938
22 Dec 2022 — An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT. Se descubrió un problema en ksmbd en el kernel de Linux 5.15 a 5.19 anterior a 5.19.2. fs/ksmbd/smb2misc.c tiene una lectura fuera de los límites y OOPS para SMB2_TREE_CONNECT. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is required to exploit this vu... • http://www.openwall.com/lists/oss-security/2022/12/23/10 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2022-47939 – Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-47939
22 Dec 2022 — An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of validatin... • http://www.openwall.com/lists/oss-security/2022/12/23/10 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-47941 – Linux Kernel ksmbd Memory Exhaustion Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-47941
22 Dec 2022 — An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SMB2_NEGOTIATE commands. The issue results from the lack of memory release after i... • http://www.openwall.com/lists/oss-security/2022/12/23/10 • CWE-401: Missing Release of Memory after Effective Lifetime •