CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 5CVE-2022-2588 – Linux Kernel route4_change Double Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2588
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. Se descubrió que la implementación del filtro cls_route en el kernel de Linux no eliminaba un filtro antiguo de la tabla hash antes de liberarlo si su identificador tenía el valor 0. A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege escalation problem. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. • https://github.com/Markakd/CVE-2022-2588 https://github.com/veritas501/CVE-2022-2588 https://github.com/BassamGraini/CVE-2022-2588 https://github.com/PolymorphicOpcode/CVE-2022-2588 https://github.com/dom4570/CVE-2022-2588 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588 https://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u https://ubuntu.com/security/notices/USN-5557-1 https://ubuntu.com/security/notices/USN-5560-1 https:/&#x • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-23238
https://notcve.org/view.php?id=CVE-2022-23238
Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content. Las implantaciones en Linux de StorageGRID (anteriormente conocido como StorageGRID Webscale) versiones 11.6.0 hasta 11.6.0.2 implantadas con una versión del kernel de Linux inferior a 4.7.0 son susceptibles de una vulnerabilidad que podría permitir a un atacante remoto no autenticado visualizar información de métricas limitada y modificar los destinatarios y el contenido de los correos electrónicos de alerta • https://security.netapp.com/advisory/NTAP-20220808-0001 •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 2CVE-2022-36123
https://notcve.org/view.php?id=CVE-2022-36123
The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges. El kernel de Linux versiones anteriores a 5.18.13, carece de una determinada operación de borrado para el símbolo de inicio de bloque (.bss). Esto permite a usuarios del SO huésped Xen PV causar una denegación de servicio o conseguir privilegios • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.13 https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-128.md https://github.com/torvalds/linux/commit/74a0032b8524ee2bd4443128c0bf9775928680b0 https://github.com/torvalds/linux/commit/96e8fc5818686d4a1591bb6907e7fdb64ef29884 https://security.netapp.com/advisory/ntap-20220901-0003 https://sick.codes/sick-2022-128 •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-0812
https://notcve.org/view.php?id=CVE-2022-0812
An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information. Se ha encontrado un fallo de filtrado de información en NFS sobre RDMA en el archivo net/sunrpc/xprtrdma/rpc_rdma.c en el Kernel de Linux. Este fallo permite a un atacante privilegiado de usuario normales filtrar información del kernel • https://access.redhat.com/security/cve/CVE-2022-0812 https://bugzilla.redhat.com/show_bug.cgi?id=2058361 https://bugzilla.redhat.com/show_bug.cgi?id=2058955 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=912288442cb2f431bf3c8cb097a5de83bc6dbac1 https://security.netapp.com/advisory/ntap-20230427-0011 https://ubuntu.com/security/CVE-2022-0812 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2022-1184 – kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image
https://notcve.org/view.php?id=CVE-2022-1184
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. Se ha detectado un fallo de uso de memoria previamente liberada en el archivo fs/ext4/namei.c:dx_insert_block() en el subcomponente del sistema de archivos del kernel de Linux. Este fallo permite a un atacante local con privilegios de usuario causar una denegación de servicio • https://access.redhat.com/security/cve/CVE-2022-1184 https://bugzilla.redhat.com/show_bug.cgi?id=2070205 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://ubuntu.com/security/CVE-2022-1184 https://www.debian.org/security/2022/dsa-5257 • CWE-416: Use After Free •