CVE-2022-45934 – kernel: integer overflow in l2cap_config_req() in net/bluetooth/l2cap_core.c
https://notcve.org/view.php?id=CVE-2022-45934
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.10. l2cap_config_req en net/bluetooth/l2cap_core.c tiene una envoltura de números enteros a través de paquetes L2CAP_CONF_REQ. An integer overflow flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user generates malicious L2CAP_CONF_REQ packets. This flaw allows a local or bluetooth connection user to crash the system. • https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDAKCGDW6CQ6G3RZWYZJO454R3L5CTQB https://security.netapp.com/advisory/ntap-20230113-0008 https://www.debian.org/security/2023/dsa-5324 https://access.redhat.co • CWE-190: Integer Overflow or Wraparound •
CVE-2022-45887 – kernel: memory leak in ttusb_dec_exit_dvb() in media/usb/ttusb-dec/ttusb_dec.c
https://notcve.org/view.php?id=CVE-2022-45887
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c tiene una pérdida de memoria debido a la falta de una llamada dvb_frontend_detach. A memory leak issue was found in the Linux kernel media subsystem in the TTUSB DEC driver. It could occur in the ttusb_dec_exit_dvb() function because of the lack of a dvb_frontend_detach call. A local user could trigger this flaw by repeatedly plugging and unplugging the device, potentially causing a denial of service condition. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=517a281338322ff8293f988771c98aaa7205e457 https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com https://lore.kernel.org/linux-media/20221115131822.6640-5-imv4bel%40gmail.com https://security.netapp.com/advisory/ntap-20230113-0006 https://access.redhat.com/security/cve/CVE-2022-45887 https://bugzilla.redhat.com/show_bug.cgi?id=2148520 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2022-45886 – kernel: use-after-free due to race condition occurring in dvb_net.c
https://notcve.org/view.php?id=CVE-2022-45886
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.9. drivers/media/dvb-core/dvb_net.c tiene una condición de carrera .disconnect versus dvb_device_open que conduce a un use-after-free. A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the dvb_net component of the DVB core device driver. It could occur between the time the device is disconnected (.disconnect function) and the time the device node is opened (dvb_device_open function). A local user could use this flaw to crash the system or potentially escalate their privileges on the system. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4172385b0c9ac366dcab78eda48c26814b87ed1a https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com https://lore.kernel.org/linux-media/20221115131822.6640-3-imv4bel%40gmail.com https://security.netapp.com/advisory/ntap-20230113-0006 https://access.redhat.com/security/cve/CVE-2022-45886 https://bugzilla.redhat.com/show_bug.cgi?id=2148517 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2022-45884 – kernel: use-after-free due to race condition occurring in dvb_register_device()
https://notcve.org/view.php?id=CVE-2022-45884
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.9. drivers/media/dvb-core/dvbdev.c tiene un use-after-free, relacionado con dvb_register_device que asigna dinámicamente fops. A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the DVB core device driver. It could occur in the dvb_register_device() function due to the file_operations structure (fops) being dynamically allocated and later kfreed. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3 https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com https://security.netapp.com/advisory/ntap-20230113-0006 https://access.redhat.com/security/cve/CVE-2022-45884 https://bugzilla.redhat.com/show_bug.cgi?id=2148510 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2022-45888
https://notcve.org/view.php?id=CVE-2022-45888
An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.9. drivers/char/xillybus/xillyusb.c tiene una condición de carrera y uso después de la liberación durante la extracción física de un dispositivo USB. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=282a4b71816b6076029017a7bab3a9dcee12a920 https://lore.kernel.org/all/20221022175404.GA375335%40ubuntu https://security.netapp.com/advisory/ntap-20230113-0006 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •