CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-0171
https://notcve.org/view.php?id=CVE-2022-0171
26 Aug 2022 — A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). Se ha encontrado un fallo en el kernel de Linux. La API existente de KVM SEV presenta una vulnerabilidad que permite que una aplicación a nivel de usuario no root (anfitrión) bloquee el kernel del anfitrión al crear una instancia de VM de inv... • https://access.redhat.com/security/cve/CVE-2022-0171 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-459: Incomplete Cleanup •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-2978
https://notcve.org/view.php?id=CVE-2022-2978
24 Aug 2022 — A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. Se encontró un fallo de uso de memoria previamente liberada en el sistema de archivos NILFS del kernel de Linux en la forma en que el usuario desencadena la función security_inode_alloc para que falle con la siguiente l... • https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-2959 – Linux Kernel Watch Queue Race Condition Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2959
24 Aug 2022 — A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system. Se ha encontrado una condición de carrera en la cola de vigilancia del kernel de Linux debido a una falta de bloqueo en la función pipe_resize_ring(). • https://github.com/torvalds/linux/commit/189b0ddc245139af81198d1a3637cac74f96e13a • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-2938 – kernel: use-after-free when psi trigger is destroyed while being polled
https://notcve.org/view.php?id=CVE-2022-2938
23 Aug 2022 — A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. Se ha encontrado un fallo en la implementación del kernel de Linux de la Información de Bloqueo de Presión. Aunque la función está deshabilitada por defecto, podría permitir a un atacante bloquear el sistema o tener otros efectos secundarios de corrupción de memoria. A flaw was found in the ... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a06247c6804f1a7c86a2e5398a4c1f1db1471848 • CWE-416: Use After Free •
CVSS: 6.2EPSS: 0%CPEs: 24EXPL: 0CVE-2022-2873 – kernel: an out-of-bounds vulnerability in i2c-ismt driver
https://notcve.org/view.php?id=CVE-2022-2873
22 Aug 2022 — An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. Se ha encontrado un fallo de acceso a memoria fuera de límites en el controlador de host iSMT SMBus del kernel de Linux, en la forma en que un usuario desencadena I2C_SMBUS_BLOCK_DATA (con el ioctl I2C_SMBUS) con datos de entrada maliciosos. Este ... • https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2503 – Linux Kernel LoadPin bypass via dm-verity table reload
https://notcve.org/view.php?id=CVE-2022-2503
12 Aug 2022 — Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for... • https://github.com/google/security-research/security/advisories/GHSA-6vq3-w69p-w63m • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-302: Authentication Bypass by Assumed-Immutable Data •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2585 – kernel: posix cpu timer use-after-free may lead to local privilege escalation
https://notcve.org/view.php?id=CVE-2022-2585
11 Aug 2022 — It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. Se descubrió que al ejecutar desde un subproceso no líder, los temporizadores de CPU POSIX armados se dejaban en una lista pero se liberaban, lo que generaba un use-after-free. A use-after-free flaw was found in the Linux kernel’s POSIX CPU timers functionality in the way a user creates and then deletes the timer in the non-leader thread of the program. This f... • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 2CVE-2022-2586 – Linux Kernel Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2022-2586
10 Aug 2022 — It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. Se descubrió que un objeto o expresión nft podía hacer referencia a un conjunto nft en una tabla nft diferente, lo que generaba un use-after-free una vez que se eliminaba esa tabla. A use-after-free flaw was found in nf_tables cross-table in the net/netfilter/nf_tables_api.c function in the Linux kernel. This flaw allows a local, privileged attacker t... • https://github.com/aels/CVE-2022-2586-LPE • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 9CVE-2022-2588 – Linux Kernel route4_change Double Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2588
10 Aug 2022 — It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. Se descubrió que la implementación del filtro cls_route en el kernel de Linux no eliminaba un filtro antiguo de la tabla hash antes de liberarlo si su identificador tenía el valor 0. A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This flaw allows a local user ... • https://github.com/Markakd/CVE-2022-2588 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 2CVE-2022-36123
https://notcve.org/view.php?id=CVE-2022-36123
29 Jul 2022 — The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges. El kernel de Linux versiones anteriores a 5.18.13, carece de una determinada operación de borrado para el símbolo de inicio de bloque (.bss). Esto permite a usuarios del SO huésped Xen PV causar una denegación de servicio o conseguir privilegios • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.13 •