CVE-2022-3303
https://notcve.org/view.php?id=CVE-2022-3303
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition Se ha encontrado un fallo de condición de carrera en el subsistema de sonido del kernel de Linux debido a un bloqueo inapropiado. Podría conllevar a una desreferencia de puntero NULL mientras es manejado el ioctl SNDCTL_DSP_SYNC. Un usuario local privilegiado (root o miembro del grupo de audio) podría usar este fallo para bloquear el sistema, resultando en una situación de denegación de servicio • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8423f0b6d513b259fdab9c9bf4aaa6188d054c2d https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lore.kernel.org/all/CAFcO6XN7JDM4xSXGhtusQfS2mSBcx50VJKwQpCq=WeLt57aaZA%40mail.gmail.com https://www.debian.org/security/2022/dsa-5257 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •
CVE-2022-2785 – Arbitrary Memory read in BPF Linux Kernel
https://notcve.org/view.php?id=CVE-2022-2785
There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c Se presenta una lectura de memoria arbitraria dentro del BPF del Kernel de Linux - Las constantes proporcionadas para rellenar los punteros en los structs pasados a bpf_sys_bpf no son verificados y pueden apuntar a cualquier lugar, incluyendo la memoria que no es propiedad de BPF. Un atacante con CAP_BPF puede leer arbitrariamente la memoria de cualquier parte del sistema. Recomendamos actualizar el commit pasado 86f44fcec22c • https://git.kernel.org/bpf/bpf/c/86f44fcec22c https://lore.kernel.org/bpf/20220816205517.682470-1-zhuyifei%40google.com/T/#t • CWE-125: Out-of-bounds Read •
CVE-2022-41218 – kernel: Report vmalloc UAF in dvb-core/dmxdev
https://notcve.org/view.php?id=CVE-2022-41218
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. En el archivo drivers/media/dvb-core/dmxdev.c en el kernel de Linux versiones hasta 5.19.10, se presenta un uso de memoria previamente liberada causado por refcount races, que afecta a dvb_demux_open y dvb_dmxdev_release A use-after-free flaw was found in the Linux kernel’s dvb-core subsystem (DVB API used by Digital TV devices) in how a user physically removed a USB device (such as a DVB demultiplexer device) while running malicious code. This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://github.com/Tobey123/CVE-2022-41218 http://www.openwall.com/lists/oss-security/2022/09/23/4 http://www.openwall.com/lists/oss-security/2022/09/24/1 http://www.openwall.com/lists/oss-security/2022/09/24/2 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fd3d91ab1c6ab0628fe642dd570b56302c30a792 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/media/dvb-core/dmxdev.c https://lists.debian.org/debian-lts-ann • CWE-416: Use After Free •
CVE-2022-3239 – kernel: media: em28xx: initialize refcount before kref_get
https://notcve.org/view.php?id=CVE-2022-3239
A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. Se ha encontrado un fallo de uso de memoria previamente liberada en el controlador video4linux del kernel de Linux en la forma en que el usuario desencadena em28xx_usb_probe() para las tarjetas de TV basadas en Empia 28xx. Un usuario local podría usar este fallo para bloquear el sistema o potencialmente escalar sus privilegios en el sistema A use-after-free flaw was found in the Linux kernel’s video4linux driver in how a user triggers the em28xx_usb_probe() for the Empia 28xx-based TV cards. This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c08eadca1bdfa099e20a32f8fa4b52b2f672236d https://security.netapp.com/advisory/ntap-20230214-0006 https://access.redhat.com/security/cve/CVE-2022-3239 https://bugzilla.redhat.com/show_bug.cgi?id=2127985 • CWE-416: Use After Free •
CVE-2022-40768
https://notcve.org/view.php?id=CVE-2022-40768
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. El archivo drivers/scsi/stex.c en el kernel de Linux versiones hasta 5.19.9, permite a usuarios locales obtener información confidencial de la memoria del kernel porque stex_queuecommand_lck carece de memset para el caso PASSTHRU_CMD • http://www.openwall.com/lists/oss-security/2022/09/19/1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6022f210461fef67e6e676fd8544ca02d1bcfa7a https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/scsi/stex.c https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY https://lists.fedoraproject.org/archives/list/packa • CWE-908: Use of Uninitialized Resource •