CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2022-3328 – snap-confine must_mkdir_and_open_with_perms() Race Condition
https://notcve.org/view.php?id=CVE-2022-3328
Race condition in snap-confine's must_mkdir_and_open_with_perms() Condición de ejecución en must_mkdir_and_open_with_perms() de snap-confine • https://github.com/Mr-xn/CVE-2022-3328 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3328 https://ubuntu.com/security/notices/USN-5753-1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 3CVE-2022-2602 – Linux Kernel io_uring Improper Update of Reference Count Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2602
io_uring UAF, Unix SCM garbage collection io_uring UAF, recolección de basura Unix SCM This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the io_uring API. The issue results from the improper management of a reference count. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Linux suffers from an io_uring use-after-free vulnerability due to broken unix GC interaction. • https://github.com/LukeGix/CVE-2022-2602 https://github.com/kiks7/CVE-2022-2602-Kernel-Exploit https://github.com/th3-5had0w/CVE-2022-2602-Study http://packetstormsecurity.com/files/176533/Linux-Broken-Unix-GC-Interaction-Use-After-Free.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2602 https://ubuntu.com/security/notices/USN-5691-1 https://ubuntu.com/security/notices/USN-5692-1 https://ubuntu.com/security/notices/USN-5693-1 https://ubuntu.com/security/ • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2022-40617
https://notcve.org/view.php?id=CVE-2022-40617
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. strongSwan anterior a 5.9.8 permite a atacantes remotos provocar una Denegación de Servicio en el complemento de revocación enviando un certificado de entidad final (y CA intermedia) manipulado que contiene una URL CRL/OCSP que apunta a un servidor (bajo el control del atacante) que no responde adecuadamente pero (por ejemplo) simplemente no hace nada después del protocolo de enlace TCP inicial o envía una cantidad excesiva de datos de la aplicación. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3GAYIOCSLU57C45CO4UE4IV4JZE4W3L https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-%28cve-2022-40617%29.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.0EPSS: 0%CPEs: 13EXPL: 1CVE-2022-41222 – kernel: mm/mremap.c use-after-free vulnerability
https://notcve.org/view.php?id=CVE-2022-41222
mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. El archivo mm/mremap.c en el kernel de Linux versiones anteriores a 5.13.3, presenta un uso de memoria previamente liberada por medio de un TLB obsoleto porque un bloqueo rmap no es mantenido durante un movimiento PUD A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code in how a race condition happens between rmap walk and mremap. This flaw allows a local user to crash or potentially escalate their privileges on the system. Linux stable versions 5.4 and 5.10 suffers from a page use-after-free via stale TLB caused by an rmap lock not held during PUD move. • http://packetstormsecurity.com/files/168466/Linux-Stable-5.4-5.10-Use-After-Free-Race-Condition.html http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html https://bugs.chromium.org/p/project-zero/issues/detail?id=2347 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af023e1f6a2 https://lists.debian.org/debian-lts-announce/2022/11/msg00001 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2585 – kernel: posix cpu timer use-after-free may lead to local privilege escalation
https://notcve.org/view.php?id=CVE-2022-2585
It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. Se descubrió que al ejecutar desde un subproceso no líder, los temporizadores de CPU POSIX armados se dejaban en una lista pero se liberaban, lo que generaba un use-after-free. A use-after-free flaw was found in the Linux kernel’s POSIX CPU timers functionality in the way a user creates and then deletes the timer in the non-leader thread of the program. This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585 https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u https://ubuntu.com/security/notices/USN-5564-1 https://ubuntu.com/security/notices/USN-5565-1 https://ubuntu.com/security/notices/USN-5566-1 https://ubuntu.com/security/notices/USN-5567-1 https://www.openwall.com/lists/oss-security/2022/08/09/7 https://access.redhat.com/security/cve/CVE-2022-2585 https://bugzilla.redhat • CWE-416: Use After Free •