CVE-2022-2503 – Linux Kernel LoadPin bypass via dm-verity table reload
https://notcve.org/view.php?id=CVE-2022-2503
Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5 Dm-verity es usado para extender el root confiable a los sistemas de archivos root. • https://github.com/google/security-research/security/advisories/GHSA-6vq3-w69p-w63m https://security.netapp.com/advisory/ntap-20230214-0005 https://access.redhat.com/security/cve/CVE-2022-2503 https://bugzilla.redhat.com/show_bug.cgi?id=2177862 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-302: Authentication Bypass by Assumed-Immutable Data •
CVE-2022-2588 – Linux Kernel route4_change Double Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2588
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. Se descubrió que la implementación del filtro cls_route en el kernel de Linux no eliminaba un filtro antiguo de la tabla hash antes de liberarlo si su identificador tenía el valor 0. A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege escalation problem. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. • https://github.com/Markakd/CVE-2022-2588 https://github.com/veritas501/CVE-2022-2588 https://github.com/BassamGraini/CVE-2022-2588 https://github.com/PolymorphicOpcode/CVE-2022-2588 https://github.com/dom4570/CVE-2022-2588 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588 https://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u https://ubuntu.com/security/notices/USN-5557-1 https://ubuntu.com/security/notices/USN-5560-1 https:/ • CWE-415: Double Free CWE-416: Use After Free •
CVE-2022-2586 – Linux Kernel Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2022-2586
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. Se descubrió que un objeto o expresión nft podía hacer referencia a un conjunto nft en una tabla nft diferente, lo que generaba un use-after-free una vez que se eliminaba esa tabla. A use-after-free flaw was found in nf_tables cross-table in the net/netfilter/nf_tables_api.c function in the Linux kernel. This flaw allows a local, privileged attacker to cause a use-after-free problem at the time of table deletion, possibly leading to local privilege escalation. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. • https://github.com/aels/CVE-2022-2586-LPE https://github.com/sniper404ghostxploit/CVE-2022-2586 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586 https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t https://ubuntu.com/security/notices/USN-5557-1 https://ubuntu.com/security/notices/USN-5560-1 https://ubuntu.com/security/notices/USN-5560-2 https://ubuntu.com/security/notices/USN-5562-1 https://ubuntu.com/security/notices • CWE-416: Use After Free •
CVE-2022-36123
https://notcve.org/view.php?id=CVE-2022-36123
The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges. El kernel de Linux versiones anteriores a 5.18.13, carece de una determinada operación de borrado para el símbolo de inicio de bloque (.bss). Esto permite a usuarios del SO huésped Xen PV causar una denegación de servicio o conseguir privilegios • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.13 https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-128.md https://github.com/torvalds/linux/commit/74a0032b8524ee2bd4443128c0bf9775928680b0 https://github.com/torvalds/linux/commit/96e8fc5818686d4a1591bb6907e7fdb64ef29884 https://security.netapp.com/advisory/ntap-20220901-0003 https://sick.codes/sick-2022-128 •
CVE-2022-0812
https://notcve.org/view.php?id=CVE-2022-0812
An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information. Se ha encontrado un fallo de filtrado de información en NFS sobre RDMA en el archivo net/sunrpc/xprtrdma/rpc_rdma.c en el Kernel de Linux. Este fallo permite a un atacante privilegiado de usuario normales filtrar información del kernel • https://access.redhat.com/security/cve/CVE-2022-0812 https://bugzilla.redhat.com/show_bug.cgi?id=2058361 https://bugzilla.redhat.com/show_bug.cgi?id=2058955 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=912288442cb2f431bf3c8cb097a5de83bc6dbac1 https://security.netapp.com/advisory/ntap-20230427-0011 https://ubuntu.com/security/CVE-2022-0812 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •