CVE-2022-2586 – Linux Kernel Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2022-2586
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. Se descubrió que un objeto o expresión nft podía hacer referencia a un conjunto nft en una tabla nft diferente, lo que generaba un use-after-free una vez que se eliminaba esa tabla. A use-after-free flaw was found in nf_tables cross-table in the net/netfilter/nf_tables_api.c function in the Linux kernel. This flaw allows a local, privileged attacker to cause a use-after-free problem at the time of table deletion, possibly leading to local privilege escalation. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. • https://github.com/aels/CVE-2022-2586-LPE https://github.com/sniper404ghostxploit/CVE-2022-2586 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586 https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t https://ubuntu.com/security/notices/USN-5557-1 https://ubuntu.com/security/notices/USN-5560-1 https://ubuntu.com/security/notices/USN-5560-2 https://ubuntu.com/security/notices/USN-5562-1 https://ubuntu.com/security/notices • CWE-416: Use After Free •
CVE-2022-1184 – kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image
https://notcve.org/view.php?id=CVE-2022-1184
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. Se ha detectado un fallo de uso de memoria previamente liberada en el archivo fs/ext4/namei.c:dx_insert_block() en el subcomponente del sistema de archivos del kernel de Linux. Este fallo permite a un atacante local con privilegios de usuario causar una denegación de servicio • https://access.redhat.com/security/cve/CVE-2022-1184 https://bugzilla.redhat.com/show_bug.cgi?id=2070205 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://ubuntu.com/security/CVE-2022-1184 https://www.debian.org/security/2022/dsa-5257 • CWE-416: Use After Free •
CVE-2022-34918 – kernel: heap overflow in nft_set_elem_init()
https://notcve.org/view.php?id=CVE-2022-34918
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. Se ha detectado un problema en el kernel de Linux versiones hasta 5.18.9. • https://github.com/veritas501/CVE-2022-34918 https://github.com/randorisec/CVE-2022-34918-LPE-PoC https://github.com/merlinepedra25/CVE-2022-34918-LPE-PoC https://github.com/merlinepedra/CVE-2022-34918-LPE-PoC https://github.com/linulinu/CVE-2022-34918 http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.html http://www.openwall.com/lists/oss-secur • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-1025: Comparison Using Wrong Factors •
CVE-2022-2084 – sensitive data exposure in cloud-init logs
https://notcve.org/view.php?id=CVE-2022-2084
Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords. • https://github.com/canonical/cloud-init/commit/4d467b14363d800b2185b89790d57871f11ea88c https://ubuntu.com/security/notices/USN-5496-1 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2022-28656
https://notcve.org/view.php?id=CVE-2022-28656
is_closing_session() allows users to consume RAM in the Apport process is_closing_session() permite a los usuarios consumir RAM en el proceso de Apport • https://ubuntu.com/security/notices/USN-5427-1 https://www.cve.org/CVERecord?id=CVE-2022-28656 • CWE-770: Allocation of Resources Without Limits or Throttling •