CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2022-2964 – kernel: memory corruption in AX88179_178A based USB ethernet device.
https://notcve.org/view.php?id=CVE-2022-2964
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. Se ha encontrado un fallo en el controlador del kernel de Linux para los dispositivos USB 2.0/3.0 Gigabit Ethernet basados en ASIX versión AX88179_178A. La vulnerabilidad contiene múltiples lecturas fuera de límites y posibles escrituras fuera de límites • https://bugzilla.redhat.com/show_bug.cgi?id=2067482 https://security.netapp.com/advisory/ntap-20230113-0001 https://access.redhat.com/security/cve/CVE-2022-2964 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3169
https://notcve.org/view.php?id=CVE-2022-3169
A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect. Se ha encontrado un fallo en el kernel de Linux. Puede producirse un fallo de denegación de servicio si se presenta una petición consecutiva del NVME_IOCTL_RESET y del NVME_IOCTL_SUBSYS_RESET mediante el archivo de dispositivo del controlador, resultando en una desconexión del enlace PCIe • https://bugzilla.kernel.org/show_bug.cgi?id=214771 https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2022-40307
https://notcve.org/view.php?id=CVE-2022-40307
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. Se ha detectado un problema en el kernel de Linux versiones hasta 5.19.8. El archivo drivers/firmware/efi/capsule-loader.c presenta una condición de carrera con un uso de memoria previamente liberada resultante • https://github.com/torvalds/linux/commit/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://www.debian.org/security/2022/dsa-5257 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-39842
https://notcve.org/view.php?id=CVE-2022-39842
An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. NOTE: the original discoverer disputes that the overflow can actually happen. Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.19. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19 https://github.com/torvalds/linux/commit/a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lore.kernel.org/all/YylaC1wHHyLw22D3%40kadam/T https://www.debian.org/security/2022/dsa-5257 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-39189 – kernel: TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning
https://notcve.org/view.php?id=CVE-2022-39189
An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. Se ha detectado un problema en el subsistema KVM x86 en el kernel de Linux versiones anteriores a 5.18.17. Los usuarios invitados no privilegiados pueden comprometer el kernel invitado porque las operaciones de vaciado del TLB son manejadas inapropiadamente en determinadas situaciones de KVM_VCPU_PREEMPTED A flaw was found in the x86 KVM subsystem in kvm_steal_time_set_preempted in arch/x86/kvm/x86.c in the Linux kernel. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. • https://bugs.chromium.org/p/project-zero/issues/detail?id=2309 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.17 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6cd88243c7e03845a450795e134b488fc2afb736 https://github.com/torvalds/linux/commit/6cd88243c7e03845a450795e134b488fc2afb736 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security.netapp.com/advisory/ntap-20230214-0007 https://www.debian.org/security/2023/dsa-5480 https:/ • CWE-416: Use After Free •