CVE-2022-0171
https://notcve.org/view.php?id=CVE-2022-0171
A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). Se ha encontrado un fallo en el kernel de Linux. La API existente de KVM SEV presenta una vulnerabilidad que permite que una aplicación a nivel de usuario no root (anfitrión) bloquee el kernel del anfitrión al crear una instancia de VM de invitado confidencial en la CPU de AMD que admite la virtualización cifrada segura (SEV). • https://access.redhat.com/security/cve/CVE-2022-0171 https://bugzilla.redhat.com/show_bug.cgi?id=2038940 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=683412ccf61294d727ead4a73d97397396e69a6b https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://www.debian.org/security/2022/dsa-5257 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-459: Incomplete Cleanup •
CVE-2022-34302 – shim: 3rd party shim allow secure boot bypass
https://notcve.org/view.php?id=CVE-2022-34302
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. Se ha encontrado un fallo en los cargadores de arranque de New Horizon Datasys versiones anteriores a 01-06-2022. • https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html https://www.kb.cert.org/vuls/id/309662 https://access.redhat.com/security/cve/CVE-2022-34302 https://bugzilla.redhat.com/show_bug.cgi?id=2120687 • CWE-494: Download of Code Without Integrity Check •
CVE-2022-34303 – shim: 3rd party shim allow secure boot bypass
https://notcve.org/view.php?id=CVE-2022-34303
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. Se ha encontrado un fallo en los cargadores de arranque de Eurosoft versiones anteriores a 01-06-2022. • https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html https://www.kb.cert.org/vuls/id/309662 https://access.redhat.com/security/cve/CVE-2022-34303 https://bugzilla.redhat.com/show_bug.cgi?id=2120701 • CWE-494: Download of Code Without Integrity Check •
CVE-2021-35938 – rpm: races with chown/chmod/capabilities calls during installation
https://notcve.org/view.php?id=CVE-2021-35938
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha encontrado un problema de enlaces simbólicos en rpm. • https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://bugzilla.suse.com/show_bug.cgi?id=1157880 https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033 https://github.com/rpm-software-management/rpm/pull/1919 https://rpm.org/wiki/Releases/4.18.0 https://security.gentoo.org/glsa/202210-22 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-35937 – rpm: TOCTOU race in checks for unsafe symlinks
https://notcve.org/view.php?id=CVE-2021-35937
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró una vulnerabilidad de condición de carrera en rpm. Un usuario local no privilegiado podría usar este fallo para omitir las comprobaciones introducidas en respuesta a CVE-2017-7500 y CVE-2017-7501, obteniendo potencialmente privilegios de root. • https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://rpm.org/wiki/Releases/4.18.0 https://security.gentoo.org/glsa/202210-22 https://www.usenix.org/legacy/event/sec05/tech/full_papers/borisov/borisov.pdf • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •