CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2022-1199 – Ubuntu Security Notice USN-5469-1
https://notcve.org/view.php?id=CVE-2022-1199
28 May 2022 — A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. Se ha encontrado un fallo en el kernel de Linux. Este fallo permite a un atacante bloquear el kernel de Linux al simular la radioafición desde el espacio de usuario, resultando en una vulnerabilidad null-ptr-deref y una vulnerabilidad de uso de memoria previamente liberada It was discovere... • https://access.redhat.com/security/cve/CVE-2022-1199 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1205 – Ubuntu Security Notice USN-6014-1
https://notcve.org/view.php?id=CVE-2022-1205
28 May 2022 — A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. Se ha encontrado un fallo de desreferencia de puntero NULL en la funcionalidad del protocolo AX.25 de Radio Aficionados del kernel de Linux en la forma en que un usuario es conectado con el protocolo. Este fallo permite a un usuario local bloquear el sistema Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke X... • https://access.redhat.com/security/cve/CVE-2022-1205 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2022-1882 – kernel: use-after-free in free_pipe_info() could lead to privilege escalation
https://notcve.org/view.php?id=CVE-2022-1882
26 May 2022 — A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system. Se ha encontrado un fallo de uso después de libre en la funcionalidad de tuberías del kernel de Linux en la forma en que un usuario realiza manipulaciones con la tubería post_one_notification() después de free_pipe_info()... • https://bugzilla.redhat.com/show_bug.cgi?id=2089701 • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 24EXPL: 2CVE-2022-1734 – Ubuntu Security Notice USN-5582-1
https://notcve.org/view.php?id=CVE-2022-1734
18 May 2022 — A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. Un fallo en el Kernel de Linux encontrado en nfcmrvl_nci_unregister_dev() en el archivo drivers/nfc/nfcmrvl/main.c puede conllevar a un uso de memoria previamente liberada de lectura o escritura cuando no está sincronizado entre la rutina de limpieza y la rutina de descarga del firmware Zhenpeng L... • http://www.openwall.com/lists/oss-security/2022/06/05/4 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 3CVE-2022-29581 – kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c
https://notcve.org/view.php?id=CVE-2022-29581
17 May 2022 — Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. Una vulnerabilidad de actualización inapropiada del recuento de referencias en net/sched del Kernel de Linux permite a un atacante local causar una escalada de privilegios a root. Este problema afecta a: Las versiones del Kernel de Linux anteriores a 5.18; la versión 4.14 y posterio... • https://github.com/Nidhi77777/linux-4.19.72_CVE-2022-29581 • CWE-416: Use After Free CWE-911: Improper Update of Reference Count •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 2CVE-2022-1679 – kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges
https://notcve.org/view.php?id=CVE-2022-1679
16 May 2022 — A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. Se ha encontrado un fallo de uso de memoria previamente liberada en el controlador del adaptador inalámbrico Atheros del kernel de Linux en la forma en que un usuario fuerza la función ath9k_htc_wait_for_target a fallar con algunos m... • https://github.com/EkamSinghWalia/-Detection-and-Mitigation-for-CVE-2022-1679 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 3CVE-2022-30594 – kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option
https://notcve.org/view.php?id=CVE-2022-30594
12 May 2022 — The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. El kernel de Linux versiones anteriores a 5.17.2, maneja inapropiadamente los permisos de seccomp. La ruta de código PTRACE_SEIZE permite a atacantes omitir las restricciones previstas al establecer el flag PT_SUSPEND_SECCOMP A flaw was found in the Linux kernel. The PTRACE_SEIZE code path allows attackers to bypass intended restri... • https://packetstorm.news/files/id/170362 • CWE-276: Incorrect Default Permissions CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 2CVE-2022-1158 – kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region
https://notcve.org/view.php?id=CVE-2022-1158
12 May 2022 — A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition. Se ha encontrado un fallo en KVM. Cuando era actualizada la entrada de la tabla de páginas de un huésped, vm_pgoff era usado incorrectamente com... • https://bugzilla.redhat.com/show_bug.cgi?id=2069793 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-1516 – Ubuntu Security Notice USN-6014-1
https://notcve.org/view.php?id=CVE-2022-1516
05 May 2022 — A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. Se ha encontrado un fallo de desreferencia de puntero NULL en la funcionalidad del conjunto de protocolos de red estandarizados X.25 del kernel de Linux en la forma en que un usuario termina su sesión usando una tarjeta Ether... • http://www.openwall.com/lists/oss-security/2022/06/19/1 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 1CVE-2022-29968 – Ubuntu Security Notice USN-5471-1
https://notcve.org/view.php?id=CVE-2022-29968
02 May 2022 — An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. Se ha detectado un problema en el kernel de Linux versiones hasta 5.17.5. La función io_rw_init_file en el archivo fs/io_uring.c carece de la inicialización de kiocb-)private It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot res... • https://github.com/jprx/CVE-2022-29968 • CWE-909: Missing Initialization of Resource •