CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39190 – kernel: nf_tables disallow binding to already bound chain
https://notcve.org/view.php?id=CVE-2022-39190
02 Sep 2022 — An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. Se ha detectado un problema en el archivo net/netfilter/nf_tables_api.c en el kernel de Linux versiones anteriores a 5.19.6. Puede producirse una denegación de servicio al vincularse a una cadena ya vinculada A flaw was found in net/netfilter/nf_tables_api.c in the Linux kernel. A denial of service can occur upon binding to an already bound chain. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.6 • CWE-392: Missing Report of Error Condition •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2022-39188 – kernel: unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry
https://notcve.org/view.php?id=CVE-2022-39188
02 Sep 2022 — An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. Se ha detectado un problema en el archivo include/asm-generic/tlb.h en el kernel de Linux versiones anteriores a 5.19. Debido a una condición de carrera (unmap_mapping_range frente a munmap), un controlador de dispositivo puede liberar una... • https://bugs.chromium.org/p/project-zero/issues/detail?id=2329 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2590 – Ubuntu Security Notice USN-6071-1
https://notcve.org/view.php?id=CVE-2022-2590
31 Aug 2022 — A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their privileges on the system. Se encontró una condición de carrera en la forma en que el subsistema de memoria del kernel de Linux manejaba la ruptura de copia en escritura (COW) de las asignaciones de memoria compartida privada de sólo lectur... • https://github.com/hyeonjun17/CVE-2022-2590-analysis • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.0EPSS: 0%CPEs: 13EXPL: 0CVE-2022-3028 – kernel: race condition in xfrm_probe_algs can lead to OOB read/write
https://notcve.org/view.php?id=CVE-2022-3028
31 Aug 2022 — A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. Se ha encontrado una condición de carrera en el marco IP del kernel de Linux para la transformación de paquetes (subsistema XFRM) cuando son producidas simultáneament... • https://github.com/torvalds/linux/commit/ba953a9d89a00c078b85f4b190bc1dde66fe16b5 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 13EXPL: 0CVE-2022-2961
https://notcve.org/view.php?id=CVE-2022-2961
29 Aug 2022 — A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system. Se ha encontrado un fallo de uso de memoria previamente liberada en la funcionalidad PLP Rose del kernel de Linux en la forma en que un usuario desencadena una condición de carrera al llamar a bind mientras es desencadenad... • https://access.redhat.com/security/cve/CVE-2022-2961 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-2978 – Ubuntu Security Notice USN-5728-3
https://notcve.org/view.php?id=CVE-2022-2978
24 Aug 2022 — A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. Se encontró un fallo de uso de memoria previamente liberada en el sistema de archivos NILFS del kernel de Linux en la forma en que el usuario desencadena la función security_inode_alloc para que falle con la siguiente l... • https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html • CWE-416: Use After Free •
CVSS: 6.2EPSS: 0%CPEs: 24EXPL: 0CVE-2022-2873 – kernel: an out-of-bounds vulnerability in i2c-ismt driver
https://notcve.org/view.php?id=CVE-2022-2873
22 Aug 2022 — An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. Se ha encontrado un fallo de acceso a memoria fuera de límites en el controlador de host iSMT SMBus del kernel de Linux, en la forma en que un usuario desencadena I2C_SMBUS_BLOCK_DATA (con el ioctl I2C_SMBUS) con datos de entrada maliciosos. Este ... • https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2503 – Linux Kernel LoadPin bypass via dm-verity table reload
https://notcve.org/view.php?id=CVE-2022-2503
12 Aug 2022 — Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for... • https://github.com/google/security-research/security/advisories/GHSA-6vq3-w69p-w63m • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-302: Authentication Bypass by Assumed-Immutable Data •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2585 – kernel: posix cpu timer use-after-free may lead to local privilege escalation
https://notcve.org/view.php?id=CVE-2022-2585
11 Aug 2022 — It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. Se descubrió que al ejecutar desde un subproceso no líder, los temporizadores de CPU POSIX armados se dejaban en una lista pero se liberaban, lo que generaba un use-after-free. A use-after-free flaw was found in the Linux kernel’s POSIX CPU timers functionality in the way a user creates and then deletes the timer in the non-leader thread of the program. This f... • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 9CVE-2022-2588 – Linux Kernel route4_change Double Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2588
10 Aug 2022 — It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. Se descubrió que la implementación del filtro cls_route en el kernel de Linux no eliminaba un filtro antiguo de la tabla hash antes de liberarlo si su identificador tenía el valor 0. A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This flaw allows a local user ... • https://github.com/Markakd/CVE-2022-2588 • CWE-415: Double Free CWE-416: Use After Free •