Page 436 of 2243 results (0.041 seconds)

CVSS: 6.7EPSS: 0%CPEs: 9EXPL: 0

CVE-2022-43750 – kernel: memory corruption in usbmon driver

https://notcve.org/view.php?id=CVE-2022-43750

drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. El archivo drivers/usb/mon/mon_bin.c en usbmon en el kernel de Linux versiones anteriores a 5.19.15 y versiones 6.x anteriores a 6.0.1, permite que un cliente del espacio de usuario corrompa la memoria interna del monitor An out-of-bounds memory write flaw in the Linux kernel’s USB Monitor component was found in how a user with access to the /dev/usbmon can trigger it by an incorrect write to the memory of the usbmon. This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.15 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a659daf63d16aa883be42f3f34ff84235c302198 https://github.com/torvalds/linux/commit/a659daf63d16aa883be42f3f34ff84235c302198 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://access.redhat.com/security/cve • CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-3344

https://notcve.org/view.php?id=CVE-2022-3344

A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0). Se ha encontrado un fallo en la virtualización anidada AMD (SVM) de KVM. Un huésped L1 malicioso podría fallar a propósito para interceptar el apagado de un huésped anidado cooperativo (L2), posiblemente conllevando a una falla de página y pánico del kernel en el host (L0) • https://bugzilla.redhat.com/show_bug.cgi?id=2130278 https://lore.kernel.org/lkml/20221020093055.224317-5-mlevitsk%40redhat.com/T • CWE-440: Expected Behavior Violation •

CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 1

CVE-2022-3640 – Linux Kernel Bluetooth l2cap_core.c l2cap_conn_del use after free

https://notcve.org/view.php?id=CVE-2022-3640

A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944. • https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=42cf46dea905a80f6de218e837ba4d4cc33d6979 https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGOIRR72OAFE53XZRUDZDP7INGLIC3E3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD7VWUT7YAU4CJ247IF44NGVOAODAJGC https://lists.fedorapr • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •

CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-42432 – Linux Kernel nftables Uninitialized Variable Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2022-42432

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the nft_osf_eval function. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. • https://patchwork.ozlabs.org/project/netfilter-devel/patch/20220907082618.1193201-1-pablo%40netfilter.org https://www.zerodayinitiative.com/advisories/ZDI-22-1457 https://access.redhat.com/security/cve/CVE-2022-42432 https://bugzilla.redhat.com/show_bug.cgi?id=2182888 • CWE-457: Use of Uninitialized Variable •

CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 1

CVE-2022-3635 – Linux Kernel IPsec idt77252.c tst_timer use after free

https://notcve.org/view.php?id=CVE-2022-3635

A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. • https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=3f4093e2bf4673f218c0bf17d8362337c400e77b https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://vuldb.com/?id.211934 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •