CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-2978
https://notcve.org/view.php?id=CVE-2022-2978
A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. Se encontró un fallo de uso de memoria previamente liberada en el sistema de archivos NILFS del kernel de Linux en la forma en que el usuario desencadena la función security_inode_alloc para que falle con la siguiente llamada a la función nilfs_mdt_destroy. Un usuario local podría usar este fallo para bloquear el sistema o escalar potencialmente sus privilegios en el sistema. • https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://lore.kernel.org/linux-fsdevel/20220816040859.659129-1-dzm91%40hust.edu.cn/T/#u • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-2959 – Linux Kernel Watch Queue Race Condition Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-2959
A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system. Se ha encontrado una condición de carrera en la cola de vigilancia del kernel de Linux debido a una falta de bloqueo en la función pipe_resize_ring(). • https://github.com/torvalds/linux/commit/189b0ddc245139af81198d1a3637cac74f96e13a https://security.netapp.com/advisory/ntap-20230214-0005 https://www.zerodayinitiative.com/advisories/ZDI-22-1165 https://access.redhat.com/security/cve/CVE-2022-2959 https://bugzilla.redhat.com/show_bug.cgi?id=2103681 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-2938 – kernel: use-after-free when psi trigger is destroyed while being polled
https://notcve.org/view.php?id=CVE-2022-2938
A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. Se ha encontrado un fallo en la implementación del kernel de Linux de la Información de Bloqueo de Presión. Aunque la función está deshabilitada por defecto, podría permitir a un atacante bloquear el sistema o tener otros efectos secundarios de corrupción de memoria. A flaw was found in the Linux kernel’s implementation of Pressure Stall Information. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a06247c6804f1a7c86a2e5398a4c1f1db1471848 https://security.netapp.com/advisory/ntap-20221223-0002 https://access.redhat.com/security/cve/CVE-2022-2938 https://bugzilla.redhat.com/show_bug.cgi?id=2120175 • CWE-416: Use After Free •
CVSS: 6.2EPSS: 0%CPEs: 24EXPL: 0CVE-2022-2873 – kernel: an out-of-bounds vulnerability in i2c-ismt driver
https://notcve.org/view.php?id=CVE-2022-2873
An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. Se ha encontrado un fallo de acceso a memoria fuera de límites en el controlador de host iSMT SMBus del kernel de Linux, en la forma en que un usuario desencadena I2C_SMBUS_BLOCK_DATA (con el ioctl I2C_SMBUS) con datos de entrada maliciosos. Este fallo permite a un usuario local bloquear el sistema. • https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://lore.kernel.org/lkml/20220729093451.551672-1-zheyuma97%40gmail.com/T https://security.netapp.com/advisory/ntap-20230120-0001 https://www.debian.org/security/2023/dsa-5324 https://access.redhat.com/security/cve/CVE-2022-2873 https://bugzilla.redhat.com/show_bug.cgi?id=2119048 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2503 – Linux Kernel LoadPin bypass via dm-verity table reload
https://notcve.org/view.php?id=CVE-2022-2503
Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5 Dm-verity es usado para extender el root confiable a los sistemas de archivos root. • https://github.com/google/security-research/security/advisories/GHSA-6vq3-w69p-w63m https://security.netapp.com/advisory/ntap-20230214-0005 https://access.redhat.com/security/cve/CVE-2022-2503 https://bugzilla.redhat.com/show_bug.cgi?id=2177862 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-302: Authentication Bypass by Assumed-Immutable Data •