CVE-2022-42896 – Info Leak in l2cap_core in the Linux Kernel
https://notcve.org/view.php?id=CVE-2022-42896
There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url Existen vulnerabilidades de use-after-free en las funciones l2cap_connect y l2cap_le_connect_req del kernel de Linux net/bluetooth/l2cap_core.c que pueden permitir la ejecución de código y la pérdida de memoria del kernel (respectivamente) de forma remota a través de Bluetooth. Un atacante remoto podría ejecutar código que filtre la memoria del kernel a través de Bluetooth si se encuentra cerca de la víctima. Recomendamos actualizar al commit anterior https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could execute code leaking kernel memory via Bluetooth if within proximity of the victim. • https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://kernel.dance/#711f8c3fb3db61897080468586b970c87c61d9e4 https://access.redhat.com/security/cve/CVE-2022-42896 https://bugzilla.redhat.com/show_bug.cgi?id=2147364 • CWE-416: Use After Free •
CVE-2022-43945 – kernel: nfsd buffer overflow by RPC message over TCP with garbage data
https://notcve.org/view.php?id=CVE-2022-43945
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. • http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f90497a16e434c2211c66e3de8e77b17868382b8 https://security.netapp.com/advisory/ntap-20221215-0006 https://access.redhat.com/security/cve/CVE-2022-43945 https://bugzilla.redhat.com/show_bug.cgi?id=2141752 • CWE-131: Incorrect Calculation of Buffer Size CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2022-44033
https://notcve.org/view.php?id=CVE-2022-44033
An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach(). Se descubrió un problema en el kernel de Linux hasta la versión 6.0.6. drivers/char/pcmcia/cm4040_cs.c tiene una condición de ejecución y Use-After-Free resultante si un atacante físicamente cercano elimina un dispositivo PCMCIA mientras llama a open(), también conocido como una condición de ejecución entre cm4040_open() y Reader_detach(). • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15 https://lore.kernel.org/lkml/20220915020834.GA110086%40ubuntu https://lore.kernel.org/lkml/20220919040457.GA302681%40ubuntu • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2022-44032
https://notcve.org/view.php?id=CVE-2022-44032
An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach(). Se descubrió un problema en el kernel de Linux hasta la versión 6.0.6. drivers/char/pcmcia/cm4000_cs.c tiene una condición de ejecución y Use-After-Free resultante si un atacante físicamente cercano elimina un dispositivo PCMCIA mientras llama a open(), también conocido como una condición de ejecución entre cmm_open() y cm4000_detach(). • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15 https://lore.kernel.org/lkml/20220915020834.GA110086%40ubuntu https://lore.kernel.org/lkml/20220919040701.GA302806%40ubuntu • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2022-44034
https://notcve.org/view.php?id=CVE-2022-44034
An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove(). Se descubrió un problema en el kernel de Linux hasta la versión 6.0.6. drivers/char/pcmcia/scr24x_cs.c tiene una condición de ejecución y Use-After-Free resultante si un atacante físicamente cercano elimina un dispositivo PCMCIA mientras llama a open(), también conocido como una condición de ejecución entre scr24x_open() y scr24x_remove(). • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15 https://lore.kernel.org/lkml/20220916050333.GA188358%40ubuntu https://lore.kernel.org/lkml/20220919101825.GA313940%40ubuntu • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •