CVE-2022-0435 – kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
https://notcve.org/view.php?id=CVE-2022-0435
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. Se ha encontrado un fallo de desbordamiento de pila en la funcionalidad del protocolo TIPC del kernel de Linux en la forma en que un usuario envía un paquete con contenido malicioso cuando el número de nodos miembros del dominio es superior a los 64 permitidos. Este fallo permite a un usuario remoto bloquear el sistema o posiblemente escalar sus privilegios si presenta acceso a la red TIPC A stack overflow flaw was found in the Linux kernel’s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. • https://github.com/wlswotmd/CVE-2022-0435 https://bugzilla.redhat.com/show_bug.cgi?id=2048738 https://security.netapp.com/advisory/ntap-20220602-0001 https://www.openwall.com/lists/oss-security/2022/02/10/1 https://access.redhat.com/security/cve/CVE-2022-0435 • CWE-787: Out-of-bounds Write •
CVE-2022-25636 – kernel: heap out of bounds write in nf_dup_netdev.c
https://notcve.org/view.php?id=CVE-2022-25636
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. El archivo net/netfilter/nf_dup_netdev.c en el kernel de Linux versiones 5.4 hasta 5.6.10, permite a usuarios locales alcanzar privilegios debido a una escritura fuera de los límites de la pila. Esto está relacionado con nf_tables_offload An out-of-bounds (OOB) memory access flaw was found in nft_fwd_dup_netdev_offload in net/netfilter/nf_dup_netdev.c in the netfilter subcomponent in the Linux kernel due to a heap out-of-bounds write problem. This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat. • https://github.com/Bonfee/CVE-2022-25636 https://github.com/veritas501/CVE-2022-25636-PipeVersion https://github.com/chenaotian/CVE-2022-25636 http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html http://www.openwall.com/lists/oss-security/2022/02/22/1 https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=b1a5983f56e371046dcf164f90bfaf704d2b89f6 https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636 https://security • CWE-269: Improper Privilege Management CWE-787: Out-of-bounds Write •
CVE-2022-25375
https://notcve.org/view.php?id=CVE-2022-25375
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. Se ha detectado un problema en el archivo drivers/usb/gadget/function/rndis.c en el kernel de Linux versiones anteriores a 5.16.10. El gadget USB RNDIS no comprueba el tamaño del comando RNDIS_MSG_SET. • http://www.openwall.com/lists/oss-security/2022/02/21/1 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10 https://github.com/szymonh/rndis-co https://github.com/torvalds/linux/commit/38ea1eac7d88072bbffb630e2b3db83ca649b826 https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://www.debian.org/security/2022/dsa-5092 https://www.debian.org/security/2022/dsa-5096 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVE-2021-20320
https://notcve.org/view.php?id=CVE-2021-20320
A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem. Se encontró un fallo en s390 eBPF JIT en la función bpf_jit_insn en el archivo arch/s390/net/bpf_jit_comp.c en el kernel de Linux. En este fallo, un atacante local con privilegios de usuario especiales puede omitir el verificador y puede conllevar a un problema de confidencialidad • https://bugzilla.redhat.com/show_bug.cgi?id=2010090 https://lore.kernel.org/bpf/20210902185229.1840281-1-johan.almbladh%40anyfinetworks.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-0330 – kernel: possible privileges escalation due to missing TLB flush
https://notcve.org/view.php?id=CVE-2022-0330
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. Se ha encontrado un fallo de acceso aleatorio a la memoria en la funcionalidad del controlador del kernel de la GPU i915 de Linux en la forma en que un usuario puede ejecutar código malicioso en la GPU. Este fallo permite a un usuario local bloquear el sistema o escalar sus privilegios en el mismo A random memory access flaw was found in the Linux kernel’s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. • http://www.openwall.com/lists/oss-security/2022/11/30/1 https://bugzilla.redhat.com/show_bug.cgi?id=2042404 https://security.netapp.com/advisory/ntap-20220526-0001 https://www.openwall.com/lists/oss-security/2022/01/25/12 https://access.redhat.com/security/cve/CVE-2022-0330 • CWE-281: Improper Preservation of Permissions •