CVE-2022-3239 – kernel: media: em28xx: initialize refcount before kref_get
https://notcve.org/view.php?id=CVE-2022-3239
A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. Se ha encontrado un fallo de uso de memoria previamente liberada en el controlador video4linux del kernel de Linux en la forma en que el usuario desencadena em28xx_usb_probe() para las tarjetas de TV basadas en Empia 28xx. Un usuario local podría usar este fallo para bloquear el sistema o potencialmente escalar sus privilegios en el sistema A use-after-free flaw was found in the Linux kernel’s video4linux driver in how a user triggers the em28xx_usb_probe() for the Empia 28xx-based TV cards. This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c08eadca1bdfa099e20a32f8fa4b52b2f672236d https://security.netapp.com/advisory/ntap-20230214-0006 https://access.redhat.com/security/cve/CVE-2022-3239 https://bugzilla.redhat.com/show_bug.cgi?id=2127985 • CWE-416: Use After Free •
CVE-2022-40768
https://notcve.org/view.php?id=CVE-2022-40768
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. El archivo drivers/scsi/stex.c en el kernel de Linux versiones hasta 5.19.9, permite a usuarios locales obtener información confidencial de la memoria del kernel porque stex_queuecommand_lck carece de memset para el caso PASSTHRU_CMD • http://www.openwall.com/lists/oss-security/2022/09/19/1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6022f210461fef67e6e676fd8544ca02d1bcfa7a https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/scsi/stex.c https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY https://lists.fedoraproject.org/archives/list/packa • CWE-908: Use of Uninitialized Resource •
CVE-2022-3176 – Use-after-free in io_uring in Linux Kernel
https://notcve.org/view.php?id=CVE-2022-3176
There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit?h=linux-5.4.y&id=fc78b2fc21f10c4c9c4d5d659a685710ffa63659 https://kernel.dance/#fc78b2fc21f10c4c9c4d5d659a685710ffa63659 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://security.netapp.com/advisory/ntap-20230216-0003 https://www.debian.org/security/2022/dsa-5257 • CWE-416: Use After Free •
CVE-2022-40476
https://notcve.org/view.php?id=CVE-2022-40476
A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service. Se ha detectado un problema de desreferencia de puntero null en el archivo fs/io_uring.c en el kernel de Linux versiones anteriores a 5.15.62. Un usuario local podría usar este fallo para bloquear el sistema o causar potencialmente una denegación de servicio • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/fs/io_uring.c?h=v5.15.61&id=3746d62ecf1c872a520c4866118edccb121c44fd https://lore.kernel.org/lkml/CAO4S-mdVW5GkODk0+vbQexNAAJZopwzFJ9ACvRCJ989fQ4A6Ow%40mail.gmail.com https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.62 • CWE-476: NULL Pointer Dereference •
CVE-2022-2977
https://notcve.org/view.php?id=CVE-2022-2977
A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system. Se ha encontrado un fallo en la implementación del kernel de Linux de los dispositivos TPM virtualizados proxy. En un sistema donde los dispositivos TPM virtualizados están configurados (esto no es lo predeterminado) un atacante local puede crear un uso de memoria previamente liberada y crear una situación donde puede ser posible escalar privilegios en el sistema • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d8e7007dc7c4d7c8366739bbcd3f5e51dcd470f https://security.netapp.com/advisory/ntap-20230214-0006 • CWE-416: Use After Free •