CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2022-0516 – kernel: missing check in ioctl allows kernel memory read/write
https://notcve.org/view.php?id=CVE-2022-0516
A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4. Se encontró una vulnerabilidad en la función kvm_s390_guest_sida_op en el archivo arch/s390/kvm/kvm-s390.c en KVM para s390 en el kernel de Linux. Este fallo permite a un atacante local con un privilegio de usuario normal obtener un acceso de escritura en memoria no autorizado. • https://bugzilla.redhat.com/show_bug.cgi?id=2050237 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=09a93c1df3eafa43bcdfd7bf837c574911f12f55 https://security.netapp.com/advisory/ntap-20220331-0009 https://www.debian.org/security/2022/dsa-5092 https://access.redhat.com/security/cve/CVE-2022-0516 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2CVE-2021-4095
https://notcve.org/view.php?id=CVE-2021-4095
A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1. Se encontró una desreferencia de puntero NULL en el KVM del kernel de Linux cuando se habilita el registro de anillo sucio sin un contexto de vCPU activo. Un atacante local no privilegiado en el host puede usar este fallo para causar una condición de oops del kernel y, por tanto, una denegación de servicio emitiendo un ioctl KVM_XEN_HVM_SET_ATTR. • http://www.openwall.com/lists/oss-security/2022/01/17/1 https://bugzilla.redhat.com/show_bug.cgi?id=2031194 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIOQN7JJNN6ABIDGRSTVZA65MHRLMH2Q https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT6573CGKVK3DU2632VVO5BVM4IU7SBV • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2022-26490
https://notcve.org/view.php?id=CVE-2022-26490
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. La función st21nfca_connectivity_event_received en el archivo drivers/nfc/st21nfca/se.c en el kernel de Linux hasta la versión 5.16.12, presenta desbordamientos de búfer EVT_TRANSACTION debido a parámetros de longitud no confiables • https://github.com/torvalds/linux/commit/4fbcc1a4cb20fe26ad0225679c536c80f1648221 https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BG4J46EMFPDD5QHYXDUI3PJCZQ7HQAZR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C5AUUDGSDLGYU7SZSK4PFAN22NISQZBT https://security.netapp.com/advisory/ntap-20220429-0004 https://www.debian.org/security/2022/dsa-5127 https://www.debian.org/security/20 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.9EPSS: 0%CPEs: 29EXPL: 0CVE-2020-36516 – kernel: off-path attacker may inject data or terminate victim's TCP session
https://notcve.org/view.php?id=CVE-2020-36516
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. Se ha detectado un problema en el kernel de Linux versiones hasta 5.16.11. El método de asignación de IPID mixto con la política de asignación de IPID basada en hash permite a un atacante fuera de la ruta inyectar datos en la sesión TCP de una víctima o terminar esa sesión. A TCP/IP packet spoofing attack flaw was found in the Linux kernel’s TCP/IP protocol, where a Man-in-the-Middle Attack (MITM) performs an IP fragmentation attack and an IPID collision. • https://dl.acm.org/doi/10.1145/3372297.3417884 https://security.netapp.com/advisory/ntap-20220331-0003 https://access.redhat.com/security/cve/CVE-2020-36516 https://bugzilla.redhat.com/show_bug.cgi?id=2059928 • CWE-290: Authentication Bypass by Spoofing CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.0EPSS: 0%CPEs: 60EXPL: 2CVE-2022-0435 – kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
https://notcve.org/view.php?id=CVE-2022-0435
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. Se ha encontrado un fallo de desbordamiento de pila en la funcionalidad del protocolo TIPC del kernel de Linux en la forma en que un usuario envía un paquete con contenido malicioso cuando el número de nodos miembros del dominio es superior a los 64 permitidos. Este fallo permite a un usuario remoto bloquear el sistema o posiblemente escalar sus privilegios si presenta acceso a la red TIPC A stack overflow flaw was found in the Linux kernel’s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. • https://github.com/wlswotmd/CVE-2022-0435 https://bugzilla.redhat.com/show_bug.cgi?id=2048738 https://security.netapp.com/advisory/ntap-20220602-0001 https://www.openwall.com/lists/oss-security/2022/02/10/1 https://access.redhat.com/security/cve/CVE-2022-0435 • CWE-787: Out-of-bounds Write •