CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3170
https://notcve.org/view.php?id=CVE-2022-3170
An out-of-bounds access issue was found in the Linux kernel sound subsystem. It could occur when the 'id->name' provided by the user did not end with '\0'. A privileged local user could pass a specially crafted name through ioctl() interface and crash the system or potentially escalate their privileges on the system. Se ha encontrado un problema de acceso fuera de límites en el subsistema de sonido del kernel de Linux. Podía ocurrir cuando el "id-)name proporcionado por el usuario no terminaba con "\0". • https://github.com/torvalds/linux/commit/5934d9a0383619c14df91af8fd76261dc3de2f5f https://github.com/torvalds/linux/commit/6ab55ec0a938c7f943a4edba3d6514f775983887 • CWE-125: Out-of-bounds Read •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3077 – kernel: i2c: unbounded length leads to buffer overflow in ismt_access()
https://notcve.org/view.php?id=CVE-2022-3077
A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system. Se encontró una vulnerabilidad de desbordamiento de búfer en el controlador de host iSMT SMBus del kernel de Linux en la forma en que manejaba el caso I2C_SMBUS_BLOCK_PROC_CALL (por el ioctl I2C_SMBUS) con datos de entrada maliciosos. Este fallo podría permitir a un usuario local bloquear el sistema A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. In particular, the userspace controllable "data->block[0]" variable was not capped to a number between 0-255 and then used as the size of a memcpy, thus possibly writing beyond the end of dma_buffer. • https://github.com/torvalds/linux/commit/690b2549b19563ec5ad53e5c82f6a944d910086e https://access.redhat.com/security/cve/CVE-2022-3077 https://bugzilla.redhat.com/show_bug.cgi?id=2123309 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-40133 – There is an UAF vulnerability in vmwgfx driver
https://notcve.org/view.php?id=CVE-2022-40133
A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada (UAF) en la función "vmw_execbuf_tie_context" en el archivo drivers/gpu/vmxgfx/vmxgfx_execbuf.c en el controlador vmwgfx del kernel de Linux con el archivo de dispositivo "/dev/dri/renderD128 (o Dxxx)". Este fallo permite a un atacante local con una cuenta de usuario en el sistema conseguir privilegios, causando una denegación de servicio (DoS) A use-after-free vulnerability was found in the Linux kernel's vmwgfx driver in vmw_execbuf_tie_context. This flaw allows a local, unprivileged attacker with access to either /dev/dri/card0 or /dev/dri/rendererD128, who can issue an ioctl() on the resulting file descriptor, to crash the system, causing a denial of service. • https://bugzilla.openanolis.cn/show_bug.cgi?id=2075 https://access.redhat.com/security/cve/CVE-2022-40133 https://bugzilla.redhat.com/show_bug.cgi?id=2133453 • CWE-416: Use After Free •
CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-38457 – There is an UAF vulnerability in vmwgfx driver
https://notcve.org/view.php?id=CVE-2022-38457
A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada (UAF) en la función "vmw_cmd_res_check" en el archivo drivers/gpu/vmxgfx/vmxgfx_execbuf.c en el controlador vmwgfx del kernel de Linux con el archivo de dispositivo "/dev/dri/renderD128 (o Dxxx)". Este fallo permite a un atacante local con una cuenta de usuario en el sistema conseguir privilegios, causando una denegación de servicio (DoS) A use-after-free vulnerability was found in the Linux kernel's vmwgfx driver in vmw_cmd_res_check. This flaw allows a local, unprivileged attacker with access to either /dev/dri/card0 or /dev/dri/rendererD128, who can issue an ioctl() on the resulting file descriptor, to crash the system, causing a denial of service. • https://bugzilla.openanolis.cn/show_bug.cgi?id=2074 https://access.redhat.com/security/cve/CVE-2022-38457 https://bugzilla.redhat.com/show_bug.cgi?id=2133455 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-2905
https://notcve.org/view.php?id=CVE-2022-2905
An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data. Se ha encontrado un fallo de lectura de memoria fuera de límites en el subsistema BPF del kernel de Linux en la forma en que un usuario llama a la función bpf_tail_call con una clave mayor que el max_entries del mapa. Este fallo permite a un usuario local conseguir acceso no autorizado a los datos • https://bugzilla.redhat.com/show_bug.cgi?id=2121800 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lore.kernel.org/bpf/984b37f9fdf7ac36831d2137415a4a915744c1b6.1661462653.git.daniel%40iogearbox.net • CWE-125: Out-of-bounds Read •