CVSS: 7.8EPSS: 0%CPEs: 33EXPL: 6CVE-2022-0995 – Watch Queue Out of Bounds Write
https://notcve.org/view.php?id=CVE-2022-0995
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system. Se encontró un fallo de escritura en memoria fuera de límites (OOB) en el subsistema de notificación de eventos watch_queue del kernel de Linux. este fallo puede sobrescribir partes del estado del kernel, permitiendo potencialmente a un usuario local conseguir acceso privilegiado o causar una denegación de servicio en el sistema The Linux watch_queue filter suffers from an out of bounds write vulnerability. • https://github.com/Bonfee/CVE-2022-0995 https://github.com/1nzag/CVE-2022-0995 https://github.com/AndreevSemen/CVE-2022-0995 http://packetstormsecurity.com/files/166770/Linux-watch_queue-Filter-Out-Of-Bounds-Write.html http://packetstormsecurity.com/files/166815/Watch-Queue-Out-Of-Bounds-Write.html https://bugzilla.redhat.com/show_bug.cgi?id=2063786 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93ce93587d36493f2f86921fa79921b3cba63fbb https://security.netapp.com • CWE-787: Out-of-bounds Write •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2022-0494 – kernel: information leak in scsi_ioctl()
https://notcve.org/view.php?id=CVE-2022-0494
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. Se ha identificado un fallo de filtrado de información del kernel en la función scsi_ioctl en el archivo drivers/scsi/scsi_ioctl.c en el kernel de Linux. este fallo permite a un atacante local con un privilegio de usuario especial (CAP_SYS_ADMIN o CAP_SYS_RAWIO) crear problemas de confidencialidad • https://bugzilla.redhat.com/show_bug.cgi?id=2039448 https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://lore.kernel.org/all/20220216084038.15635-1-tcs.kernel%40gmail.com https://www.debian.org/security/2022/dsa-5161 https://www.debian.org/security/2022/dsa-5173 https://access.redhat.com/security/cve/CVE-2022-0494 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2022-0500 – kernel: Linux ebpf logic vulnerability leads to critical memory read and write gaining root privileges
https://notcve.org/view.php?id=CVE-2022-0500
A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. Se ha encontrado un fallo en el uso irrestricto de eBPF por parte de BPF_BTF_LOAD, que conlleva una posible escritura de memoria fuera de los límites en el subsistema BPF del kernel de Linux debido a la forma en que un usuario carga BTF. este fallo permite a un usuario local bloquear o escalar sus privilegios en el sistema • https://bugzilla.redhat.com/show_bug.cgi?id=2044578 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=20b2aff4bc15bda809f994761d5719827d66c0b4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=216e3cd2f28dbbf1fe86848e0e29e6693b9f0a20 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34d3a78c681e8e7844b43d1a2f4671a04249c821 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 1CVE-2022-0854 – kernel: swiotlb information leak with DMA_FROM_DEVICE
https://notcve.org/view.php?id=CVE-2022-0854
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. Se ha encontrado un fallo de pérdida de memoria en el subsistema DMA del kernel de Linux, en la forma en que un usuario llama a DMA_FROM_DEVICE. Este fallo permite a un usuario local leer memoria aleatoria del espacio del kernel • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/dma/swiotlb.c?h=v5.17-rc8&id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13 https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://www.debian.org/security/2022/dsa-5161 https://www.debian.org/security/2022/dsa-5173 https://access.redhat.com/security/cve/CVE-2022-0854 https://bugzilla.redhat.com/show_bug.cgi?id=2058395 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 1CVE-2022-27666 – kernel: buffer overflow in IPsec ESP transformation code
https://notcve.org/view.php?id=CVE-2022-27666
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. Se ha encontrado un fallo de desbordamiento del búfer de la pila en el código de transformación de IPsec ESP en net/ipv4/esp4.c y net/ipv6/esp6.c. Este fallo permite a un atacante local con un privilegio de usuario normal sobrescribir los objetos de la pila del núcleo y puede causar una amenaza de escalada de privilegios local • https://github.com/plummm/CVE-2022-27666 https://bugzilla.redhat.com/show_bug.cgi?id=2061633 https://github.com/torvalds/linux/commit/ebe48d368e97d007bfeb76fcb065d6cfc4c96645 https://security.netapp.com/advisory/ntap-20220429-0001 https://www.debian.org/security/2022/dsa-5127 https://www.debian.org/security/2022/dsa-5173 https://access.redhat.com/security/cve/CVE-2022-27666 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •