CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 2CVE-2022-2586 – Linux Kernel Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2022-2586
10 Aug 2022 — It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. Se descubrió que un objeto o expresión nft podía hacer referencia a un conjunto nft en una tabla nft diferente, lo que generaba un use-after-free una vez que se eliminaba esa tabla. A use-after-free flaw was found in nf_tables cross-table in the net/netfilter/nf_tables_api.c function in the Linux kernel. This flaw allows a local, privileged attacker t... • https://github.com/aels/CVE-2022-2586-LPE • CWE-416: Use After Free •
CVSS: 6.7EPSS: 0%CPEs: 8EXPL: 0CVE-2021-33655 – kernel: malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory
https://notcve.org/view.php?id=CVE-2021-33655
18 Jul 2022 — When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. Cuando son enviados datos maliciosos al kernel mediante ioctl cmd FBIOPUT_VSCREENINFO, el kernel escribirá memoria fuera de límites An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the sy... • http://www.openwall.com/lists/oss-security/2022/07/19/2 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2022-2318 – Ubuntu Security Notice USN-6014-1
https://notcve.org/view.php?id=CVE-2022-2318
06 Jul 2022 — There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. Se presentan vulnerabilidades de uso de memoria previamente liberada causadas por el manejador del temporizador en el archivo net/rose/rose_timer.c de linux que permiten a atacantes bloquear el kernel de linux sin ningún privilegio Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did ... • https://github.com/torvalds/linux/commit/9cc02ede696272c5271a401e4f27c262359bc2f6 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2022-33742 – Ubuntu Security Notice USN-5668-1
https://notcve.org/view.php?id=CVE-2022-33742
05 Jul 2022 — Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backe... • http://www.openwall.com/lists/oss-security/2022/07/05/6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2022-33741 – Ubuntu Security Notice USN-5572-1
https://notcve.org/view.php?id=CVE-2022-33741
05 Jul 2022 — Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backe... • http://www.openwall.com/lists/oss-security/2022/07/05/6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2022-33740 – Ubuntu Security Notice USN-5572-1
https://notcve.org/view.php?id=CVE-2022-33740
05 Jul 2022 — Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backe... • http://www.openwall.com/lists/oss-security/2022/07/05/6 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2022-26365 – Ubuntu Security Notice USN-5773-1
https://notcve.org/view.php?id=CVE-2022-26365
05 Jul 2022 — Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backe... • http://www.openwall.com/lists/oss-security/2022/07/05/6 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2022-2078 – kernel: buffer overflow in nft_set_desc_concat_parse()
https://notcve.org/view.php?id=CVE-2022-2078
30 Jun 2022 — A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. Se ha encontrado una vulnerabilidad en la función nft_set_desc_concat_parse() del kernel de Linux. Este fallo permite a un atacante desencadenar un desbordamiento de búfer por medio de la función nft_set_desc_concat_parse() , causando una denegación de servicio y posiblemente una... • https://github.com/delsploit/CVE-2022-2078 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-1852 – kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS
https://notcve.org/view.php?id=CVE-2022-1852
28 Jun 2022 — A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. Se ha encontrado un fallo de desreferencia de puntero NULL en el módulo KVM del kernel de Linux, que puede conllevar a una denegación de servicio en el archivo x86_emulate_insn en arch/x86/kvm/emulate.c. Este fallo es producido mientras es ejecutada una instrucció... • https://bugzilla.redhat.com/show_bug.cgi?id=2089815 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2022-32981
https://notcve.org/view.php?id=CVE-2022-32981
10 Jun 2022 — An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. Se ha detectado un problema en el kernel de Linux versiones hasta 5.18.3, en plataformas powerpc de 32 bits. Se presenta un desbordamiento de búfer en ptrace PEEKUSER y POKEUSER (también conocidos como PEEKUSR y POKEUSR) cuando es accedido a los registros de punto flotante • https://github.com/SpiralBL0CK/CVE-2022-32981 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •