CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2CVE-2021-4095
https://notcve.org/view.php?id=CVE-2021-4095
08 Mar 2022 — A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1. Se encontró una desreferencia de puntero NULL en el KVM del kernel de Linux cuando se habilita el registro de anillo sucio sin un contexto de vCPU activo. Un a... • http://www.openwall.com/lists/oss-security/2022/01/17/1 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 3%CPEs: 59EXPL: 95CVE-2022-0847 – Linux Kernel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-0847
07 Mar 2022 — A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. Se ha encontrado un fallo en la forma en que el miembro "flags" de la estructura del nuevo búfer de la tubería carecía de la inic... • https://www.exploit-db.com/exploits/50808 • CWE-665: Improper Initialization CWE-909: Missing Initialization of Resource •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2022-26490
https://notcve.org/view.php?id=CVE-2022-26490
06 Mar 2022 — st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. La función st21nfca_connectivity_event_received en el archivo drivers/nfc/st21nfca/se.c en el kernel de Linux hasta la versión 5.16.12, presenta desbordamientos de búfer EVT_TRANSACTION debido a parámetros de longitud no confiables • https://github.com/torvalds/linux/commit/4fbcc1a4cb20fe26ad0225679c536c80f1648221 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 9%CPEs: 50EXPL: 7CVE-2022-0492 – kernel: cgroups v1 release_agent feature may allow privilege escalation
https://notcve.org/view.php?id=CVE-2022-0492
23 Feb 2022 — A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. Se ha encontrado una vulnerabilidad en la función cgroup_release_agent_write en el archivo kernel/cgroup/cgroup-v1.c del kernel de Linux. Este fallo, bajo determinadas circunstancias, permite el uso de la función cgroups v1 rel... • https://github.com/chenaotian/CVE-2022-0492 • CWE-287: Improper Authentication CWE-862: Missing Authorization •
CVSS: 9.0EPSS: 0%CPEs: 60EXPL: 2CVE-2022-0435 – kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
https://notcve.org/view.php?id=CVE-2022-0435
23 Feb 2022 — A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. Se ha encontrado un fallo de desbordamiento de pila en la funcionalidad del protocolo TIPC del kernel de Linux en la forma en que un usuario envía un paquete con contenido m... • https://github.com/wlswotmd/CVE-2022-0435 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-4028 – kernel: use-after-free in RDMA listen()
https://notcve.org/view.php?id=CVE-2021-4028
22 Feb 2022 — A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system. Un fallo en la implementación del kernel de Linux del código de escucha del administrador de comunicaciones RDMA permitía a un atacante c... • https://access.redhat.com/security/cve/CVE-2021-4028 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 5CVE-2022-25636 – kernel: heap out of bounds write in nf_dup_netdev.c
https://notcve.org/view.php?id=CVE-2022-25636
22 Feb 2022 — net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. El archivo net/netfilter/nf_dup_netdev.c en el kernel de Linux versiones 5.4 hasta 5.6.10, permite a usuarios locales alcanzar privilegios debido a una escritura fuera de los límites de la pila. Esto está relacionado con nf_tables_offload An out-of-bounds (OOB) memory access flaw was found in nft_fwd_dup_netdev_offload in net/... • https://github.com/Bonfee/CVE-2022-25636 • CWE-269: Improper Privilege Management CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-25375
https://notcve.org/view.php?id=CVE-2022-25375
20 Feb 2022 — An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. Se ha detectado un problema en el archivo drivers/usb/gadget/function/rndis.c en el kernel de Linux versiones anteriores a 5.16.10. El gadget USB RNDIS no comprueba el tamaño del comando RNDIS_MSG_SET. • https://github.com/szymonh/rndis-co • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-20320
https://notcve.org/view.php?id=CVE-2021-20320
18 Feb 2022 — A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem. Se encontró un fallo en s390 eBPF JIT en la función bpf_jit_insn en el archivo arch/s390/net/bpf_jit_comp.c en el kernel de Linux. En este fallo, un atacante local con privilegios de usuario especiales puede omitir el verificador y puede conllevar a un problema de confidencialid... • https://bugzilla.redhat.com/show_bug.cgi?id=2010090 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2022-0646
https://notcve.org/view.php?id=CVE-2022-0646
18 Feb 2022 — A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5. Se encontró un fallo de uso de memoria previamente liberada en el subsistema del kernel de Linux Management Component Transpo... • https://lore.kernel.org/all/20220211011552.1861886-1-jk%40codeconstruct.com.au • CWE-416: Use After Free CWE-459: Incomplete Cleanup •