CVE-2022-1011 – kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes
https://notcve.org/view.php?id=CVE-2022-1011
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. Se ha encontrado un fallo de uso después de libre en el sistema de archivos FUSE del kernel de Linux en la forma en que un usuario activa write(). Este defecto permite a un usuario local obtener acceso no autorizado a los datos del sistema de archivos FUSE, lo que resulta en una escalada de privilegios Linux suffers from a vulnerability where FUSE allows use-after-free reads of write() buffers, allowing theft of (partial) /etc/shadow hashes. • https://github.com/xkaneiki/CVE-2022-1011 https://bugzilla.redhat.com/show_bug.cgi?id=2064855 https://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse.git/commit/?h=for-next https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://www.debian.org/security/2022/dsa-5173 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-1011 • CWE-416: Use After Free •
CVE-2022-0330 – kernel: possible privileges escalation due to missing TLB flush
https://notcve.org/view.php?id=CVE-2022-0330
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. Se ha encontrado un fallo de acceso aleatorio a la memoria en la funcionalidad del controlador del kernel de la GPU i915 de Linux en la forma en que un usuario puede ejecutar código malicioso en la GPU. Este fallo permite a un usuario local bloquear el sistema o escalar sus privilegios en el mismo A random memory access flaw was found in the Linux kernel’s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. • http://www.openwall.com/lists/oss-security/2022/11/30/1 https://bugzilla.redhat.com/show_bug.cgi?id=2042404 https://security.netapp.com/advisory/ntap-20220526-0001 https://www.openwall.com/lists/oss-security/2022/01/25/12 https://access.redhat.com/security/cve/CVE-2022-0330 • CWE-281: Improper Preservation of Permissions •
CVE-2021-3948 – mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)
https://notcve.org/view.php?id=CVE-2021-3948
An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster. Se ha encontrado una vulnerabilidad de permisos por defecto incorrectos en el controlador mig. Debido a un manejo incorrecto de espacios de nombres del cluster, un atacante puede ser capaz de migrar una carga de trabajo maliciosa al cluster de destino, impactando la confidencialidad, integridad y disponibilidad de los servicios ubicados en ese cluster • https://bugzilla.redhat.com/show_bug.cgi?id=2022017 https://access.redhat.com/security/cve/CVE-2021-3948 • CWE-276: Incorrect Default Permissions •
CVE-2021-4034 – Red Hat Polkit Out-of-Bounds Read and Write Vulnerability
https://notcve.org/view.php?id=CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. • https://github.com/dzonerzy/poc-cve-2021-4034 https://github.com/arthepsy/CVE-2021-4034 https://github.com/berdav/CVE-2021-4034 https://www.exploit-db.com/exploits/50689 https://github.com/PwnFunction/CVE-2021-4034 https://github.com/joeammond/CVE-2021-4034 https://github.com/nikaiw/CVE-2021-4034 https://github.com/ryaagard/CVE-2021-4034 https://github.com/Rvn0xsy/CVE-2021-4034 https://github.com/Ayrx/CVE-2021-4034 https://github.com/zhzyker/CVE-2021-4034& • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2021-23214 – postgresql: server processes unencrypted bytes from man-in-the-middle
https://notcve.org/view.php?id=CVE-2021-23214
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. Cuando el servidor está configurado para usar la autenticación confiable con un requisito de clientcert o para usar la autenticación de cert, un atacante de tipo man-in-the-middle puede inyectar consultas SQL arbitrarias cuando es establecida una conexión por primera vez, a pesar del uso de la verificación y el cifrado del certificado SSL It was found that a PostgreSQL server could accept plain text data during the establishment of an SSL connection. When a user is requesting a certificate based authentication, an active Person in the Middle could use this flaw in order to inject arbitrary SQL commands. • https://bugzilla.redhat.com/show_bug.cgi?id=2022666 https://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commit%3Bh=28e24125541545483093819efae9bca603441951 https://github.com/postgres/postgres/commit/28e24125541545483093819efae9bca603441951 https://security.gentoo.org/glsa/202211-04 https://www.postgresql.org/support/security/CVE-2021-23214 https://access.redhat.com/security/cve/CVE-2021-23214 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •