CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3170
https://notcve.org/view.php?id=CVE-2022-3170
An out-of-bounds access issue was found in the Linux kernel sound subsystem. It could occur when the 'id->name' provided by the user did not end with '\0'. A privileged local user could pass a specially crafted name through ioctl() interface and crash the system or potentially escalate their privileges on the system. Se ha encontrado un problema de acceso fuera de límites en el subsistema de sonido del kernel de Linux. Podía ocurrir cuando el "id-)name proporcionado por el usuario no terminaba con "\0". • https://github.com/torvalds/linux/commit/5934d9a0383619c14df91af8fd76261dc3de2f5f https://github.com/torvalds/linux/commit/6ab55ec0a938c7f943a4edba3d6514f775983887 • CWE-125: Out-of-bounds Read •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3077 – kernel: i2c: unbounded length leads to buffer overflow in ismt_access()
https://notcve.org/view.php?id=CVE-2022-3077
A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system. Se encontró una vulnerabilidad de desbordamiento de búfer en el controlador de host iSMT SMBus del kernel de Linux en la forma en que manejaba el caso I2C_SMBUS_BLOCK_PROC_CALL (por el ioctl I2C_SMBUS) con datos de entrada maliciosos. Este fallo podría permitir a un usuario local bloquear el sistema A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. In particular, the userspace controllable "data->block[0]" variable was not capped to a number between 0-255 and then used as the size of a memcpy, thus possibly writing beyond the end of dma_buffer. • https://github.com/torvalds/linux/commit/690b2549b19563ec5ad53e5c82f6a944d910086e https://access.redhat.com/security/cve/CVE-2022-3077 https://bugzilla.redhat.com/show_bug.cgi?id=2123309 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-40133 – There is an UAF vulnerability in vmwgfx driver
https://notcve.org/view.php?id=CVE-2022-40133
A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada (UAF) en la función "vmw_execbuf_tie_context" en el archivo drivers/gpu/vmxgfx/vmxgfx_execbuf.c en el controlador vmwgfx del kernel de Linux con el archivo de dispositivo "/dev/dri/renderD128 (o Dxxx)". Este fallo permite a un atacante local con una cuenta de usuario en el sistema conseguir privilegios, causando una denegación de servicio (DoS) A use-after-free vulnerability was found in the Linux kernel's vmwgfx driver in vmw_execbuf_tie_context. This flaw allows a local, unprivileged attacker with access to either /dev/dri/card0 or /dev/dri/rendererD128, who can issue an ioctl() on the resulting file descriptor, to crash the system, causing a denial of service. • https://bugzilla.openanolis.cn/show_bug.cgi?id=2075 https://access.redhat.com/security/cve/CVE-2022-40133 https://bugzilla.redhat.com/show_bug.cgi?id=2133453 • CWE-416: Use After Free •
CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-38457 – There is an UAF vulnerability in vmwgfx driver
https://notcve.org/view.php?id=CVE-2022-38457
A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada (UAF) en la función "vmw_cmd_res_check" en el archivo drivers/gpu/vmxgfx/vmxgfx_execbuf.c en el controlador vmwgfx del kernel de Linux con el archivo de dispositivo "/dev/dri/renderD128 (o Dxxx)". Este fallo permite a un atacante local con una cuenta de usuario en el sistema conseguir privilegios, causando una denegación de servicio (DoS) A use-after-free vulnerability was found in the Linux kernel's vmwgfx driver in vmw_cmd_res_check. This flaw allows a local, unprivileged attacker with access to either /dev/dri/card0 or /dev/dri/rendererD128, who can issue an ioctl() on the resulting file descriptor, to crash the system, causing a denial of service. • https://bugzilla.openanolis.cn/show_bug.cgi?id=2074 https://access.redhat.com/security/cve/CVE-2022-38457 https://bugzilla.redhat.com/show_bug.cgi?id=2133455 • CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2022-40307
https://notcve.org/view.php?id=CVE-2022-40307
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. Se ha detectado un problema en el kernel de Linux versiones hasta 5.19.8. El archivo drivers/firmware/efi/capsule-loader.c presenta una condición de carrera con un uso de memoria previamente liberada resultante • https://github.com/torvalds/linux/commit/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://www.debian.org/security/2022/dsa-5257 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •