CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 10CVE-2022-34918 – Netfilter nft_set_elem_init Heap Overflow Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-34918
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. Se ha detectado un problema en el kernel de Linux versiones hasta 5.18.9. • https://github.com/veritas501/CVE-2022-34918 https://github.com/randorisec/CVE-2022-34918-LPE-PoC https://github.com/merlinepedra25/CVE-2022-34918-LPE-PoC https://github.com/merlinepedra/CVE-2022-34918-LPE-PoC https://github.com/linulinu/CVE-2022-34918 http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.html http://www.openwall.com/lists/oss-secur • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-1025: Comparison Using Wrong Factors •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2022-2078 – kernel: buffer overflow in nft_set_desc_concat_parse()
https://notcve.org/view.php?id=CVE-2022-2078
A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. Se ha encontrado una vulnerabilidad en la función nft_set_desc_concat_parse() del kernel de Linux. Este fallo permite a un atacante desencadenar un desbordamiento de búfer por medio de la función nft_set_desc_concat_parse() , causando una denegación de servicio y posiblemente una ejecución de código • https://github.com/delsploit/CVE-2022-2078 https://bugzilla.redhat.com/show_bug.cgi?id=2096178 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/nf_tables_api.c?id=fecf31ee395b0295f2d7260aa29946b7605f7c85 https://www.debian.org/security/2022/dsa-5161 https://access.redhat.com/security/cve/CVE-2022-2078 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-1852 – kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS
https://notcve.org/view.php?id=CVE-2022-1852
A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. Se ha encontrado un fallo de desreferencia de puntero NULL en el módulo KVM del kernel de Linux, que puede conllevar a una denegación de servicio en el archivo x86_emulate_insn en arch/x86/kvm/emulate.c. Este fallo es producido mientras es ejecutada una instrucción ilegal en el huésped en la CPU Intel • https://bugzilla.redhat.com/show_bug.cgi?id=2089815 https://github.com/torvalds/linux/commit/fee060cd52d69c114b62d1a2948ea9648b5131f9 https://access.redhat.com/security/cve/CVE-2022-1852 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34494
https://notcve.org/view.php?id=CVE-2022-34494
rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. La función rpmsg_virtio_add_ctrl_dev en el archivo drivers/rpmsg/virtio_rpmsg_bus.c en el kernel de Linux versiones anteriores a 5.18.4, presenta una doble liberación • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.4 https://github.com/torvalds/linux/commit/1680939e9ecf7764fba8689cfb3429c2fe2bb23c • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34495
https://notcve.org/view.php?id=CVE-2022-34495
rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. La función rpmsg_probe en el archivo drivers/rpmsg/virtio_rpmsg_bus.c en el kernel de Linux versiones anteriores a 5.18.4, presenta una doble liberación • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.4 https://github.com/torvalds/linux/commit/c2eecefec5df1306eafce28ccdf1ca159a552ecc • CWE-415: Double Free •