CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2590
https://notcve.org/view.php?id=CVE-2022-2590
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their privileges on the system. Se encontró una condición de carrera en la forma en que el subsistema de memoria del kernel de Linux manejaba la ruptura de copia en escritura (COW) de las asignaciones de memoria compartida privada de sólo lectura. Este fallo permite a un usuario local no privilegiado conseguir acceso de escritura a las asignaciones de memoria de sólo lectura, aumentando sus privilegios en el sistema • https://github.com/hyeonjun17/CVE-2022-2590-analysis https://lore.kernel.org/linux-mm/20220808073232.8808-1-david%40redhat.com https://www.openwall.com/lists/oss-security/2022/08/08/1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.0EPSS: 0%CPEs: 13EXPL: 0CVE-2022-3028 – kernel: race condition in xfrm_probe_algs can lead to OOB read/write
https://notcve.org/view.php?id=CVE-2022-3028
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. Se ha encontrado una condición de carrera en el marco IP del kernel de Linux para la transformación de paquetes (subsistema XFRM) cuando son producidas simultáneamente varias llamadas a xfrm_probe_algs. Este fallo podría permitir a un atacante local desencadenar potencialmente una escritura fuera de límites o una pérdida de memoria de la pila del kernel al llevar a cabo una lectura fuera de límites y copiarla en un socket • https://github.com/torvalds/linux/commit/ba953a9d89a00c078b85f4b190bc1dde66fe16b5 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3MYP7WX4PNE6RCITVXA43CECBZT4CL6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKVA75UHKVOHNOEPCLUHTFGWCOOUBDM3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraprojec • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-2153 – kernel: KVM: NULL pointer dereference in kvm_irq_delivery_to_apic_fast()
https://notcve.org/view.php?id=CVE-2022-2153
A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. Se ha encontrado un fallo en el KVM del kernel de Linux cuando es intentado establecer una IRQ SynIC. Este problema hace posible a un VMM que sea comportado inapropiadamente escribir en las MSR de SYNIC/STIMER, causando una desreferencia de puntero NULL. • https://bugzilla.redhat.com/show_bug.cgi?id=2069736 https://github.com/torvalds/linux/commit/00b5f37189d24ac3ed46cb7f11742094778c46ce https://github.com/torvalds/linux/commit/7ec37d1cbe17d8189d9562178d8b29167fe1c31a https://github.com/torvalds/linux/commit/b1e34d325397a33d97d845e312d7cf2a8b646b44 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://www.openwall.com/lists/oss-security/2022/06/22/1 https://access.redhat.com/security& • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 13EXPL: 0CVE-2022-2961
https://notcve.org/view.php?id=CVE-2022-2961
A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system. Se ha encontrado un fallo de uso de memoria previamente liberada en la funcionalidad PLP Rose del kernel de Linux en la forma en que un usuario desencadena una condición de carrera al llamar a bind mientras es desencadenada simultáneamente la función rose_bind(). Este fallo permite a un usuario local bloquearse o escalar potencialmente sus privilegios en el sistema • https://access.redhat.com/security/cve/CVE-2022-2961 https://security.netapp.com/advisory/ntap-20230214-0004 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-0171
https://notcve.org/view.php?id=CVE-2022-0171
A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). Se ha encontrado un fallo en el kernel de Linux. La API existente de KVM SEV presenta una vulnerabilidad que permite que una aplicación a nivel de usuario no root (anfitrión) bloquee el kernel del anfitrión al crear una instancia de VM de invitado confidencial en la CPU de AMD que admite la virtualización cifrada segura (SEV). • https://access.redhat.com/security/cve/CVE-2022-0171 https://bugzilla.redhat.com/show_bug.cgi?id=2038940 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=683412ccf61294d727ead4a73d97397396e69a6b https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://www.debian.org/security/2022/dsa-5257 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-459: Incomplete Cleanup •