CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-3328 – snap-confine must_mkdir_and_open_with_perms() Race Condition
https://notcve.org/view.php?id=CVE-2022-3328
Race condition in snap-confine's must_mkdir_and_open_with_perms() Condición de ejecución en must_mkdir_and_open_with_perms() de snap-confine • https://github.com/Mr-xn/CVE-2022-3328 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3328 https://ubuntu.com/security/notices/USN-5753-1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 3CVE-2022-2602 – Linux Kernel io_uring Improper Update of Reference Count Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2602
io_uring UAF, Unix SCM garbage collection io_uring UAF, recolección de basura Unix SCM This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the io_uring API. The issue results from the improper management of a reference count. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Linux suffers from an io_uring use-after-free vulnerability due to broken unix GC interaction. • https://github.com/LukeGix/CVE-2022-2602 https://github.com/kiks7/CVE-2022-2602-Kernel-Exploit https://github.com/th3-5had0w/CVE-2022-2602-Study http://packetstormsecurity.com/files/176533/Linux-Broken-Unix-GC-Interaction-Use-After-Free.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2602 https://ubuntu.com/security/notices/USN-5691-1 https://ubuntu.com/security/notices/USN-5692-1 https://ubuntu.com/security/notices/USN-5693-1 https://ubuntu.com/security/ • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2022-40617
https://notcve.org/view.php?id=CVE-2022-40617
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. strongSwan anterior a 5.9.8 permite a atacantes remotos provocar una Denegación de Servicio en el complemento de revocación enviando un certificado de entidad final (y CA intermedia) manipulado que contiene una URL CRL/OCSP que apunta a un servidor (bajo el control del atacante) que no responde adecuadamente pero (por ejemplo) simplemente no hace nada después del protocolo de enlace TCP inicial o envía una cantidad excesiva de datos de la aplicación. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3GAYIOCSLU57C45CO4UE4IV4JZE4W3L https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-%28cve-2022-40617%29.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-40277
https://notcve.org/view.php?id=CVE-2022-40277
Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before passing them to the 'shell.openExternal' function. Joplin versión 2.8.8, permite a un atacante externo ejecutar comandos arbitrarios de forma remota en cualquier cliente que abra un enlace en un archivo markdown malicioso, por medio de Joplin. Esto es posible porque la aplicación no comprueba apropiadamente el esquema/protocolo de los enlaces existentes en el archivo markdown antes de pasarlos a la función "shell.openExternal" • https://fluidattacks.com/advisories/skrillex https://github.com/laurent22/joplin • CWE-20: Improper Input Validation •
CVSS: 7.0EPSS: 0%CPEs: 13EXPL: 1CVE-2022-41222 – kernel: mm/mremap.c use-after-free vulnerability
https://notcve.org/view.php?id=CVE-2022-41222
mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. El archivo mm/mremap.c en el kernel de Linux versiones anteriores a 5.13.3, presenta un uso de memoria previamente liberada por medio de un TLB obsoleto porque un bloqueo rmap no es mantenido durante un movimiento PUD A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code in how a race condition happens between rmap walk and mremap. This flaw allows a local user to crash or potentially escalate their privileges on the system. Linux stable versions 5.4 and 5.10 suffers from a page use-after-free via stale TLB caused by an rmap lock not held during PUD move. • http://packetstormsecurity.com/files/168466/Linux-Stable-5.4-5.10-Use-After-Free-Race-Condition.html http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html https://bugs.chromium.org/p/project-zero/issues/detail?id=2347 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af023e1f6a2 https://lists.debian.org/debian-lts-announce/2022/11/msg00001 • CWE-416: Use After Free •