CVE-2022-2196 – Speculative execution attacks in KVM VMX
https://notcve.org/view.php?id=CVE-2022-2196
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a A flaw was found in the KVM's Intel nested virtualization feature (nVMX). Since L1 and L2 shared branch prediction modes (guest-user and guest-kernel), KVM did not protect indirect branches in L1 from steering by a malicious agent in L2. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2e7eab81425ad6c875f2ed47c0ce01e78afc38a5 https://kernel.dance/#2e7eab81425a https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://access.redhat.com/security/cve/CVE-2022-2196 https://bugzilla.redhat.com/show_bug.cgi?id=2160023 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVE-2022-4378 – kernel: stack overflow in do_proc_dointvec and proc_skip_spaces
https://notcve.org/view.php?id=CVE-2022-4378
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. • http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html https://bugzilla.redhat.com/show_bug.cgi?id=2152548 https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-avoid-integer-type-confusion-in-get_proc_long.patch https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch https://seclists.org/oss-sec/202 • CWE-131: Incorrect Calculation of Buffer Size CWE-787: Out-of-bounds Write •
CVE-2022-4662 – kernel: Recursive locking violation in usb-storage that can cause the kernel to deadlock
https://notcve.org/view.php?id=CVE-2022-4662
A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. Se encontró un fallo en el control de acceso incorrecto en el subsistema central USB del kernel de Linux en la forma en que el usuario conecta el dispositivo USB. Un usuario local podría utilizar este fallo para bloquear el sistema. An incorrect access control flaw was found in the Linux kernel USB core subsystem. • https://lore.kernel.org/all/20220913140355.910732567%40linuxfoundation.org https://lore.kernel.org/all/CAB7eexLLApHJwZfMQ=X-PtRhw0BgO+5KcSMS05FNUYejJXqtSA%40mail.gmail.com https://access.redhat.com/security/cve/CVE-2022-4662 https://bugzilla.redhat.com/show_bug.cgi?id=2155788 • CWE-455: Non-exit on Failed Initialization •
CVE-2022-47519
https://notcve.org/view.php?id=CVE-2022-47519
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames. Se descubrió un problema en el kernel de Linux anterior a 6.0.11. La falta de validación de IEEE80211_P2P_ATTR_OPER_CHANNEL en drivers/net/wireless/microchip/wilc1000/cfg80211.c en el controlador inalámbrico WILC1000 puede desencadenar una escritura fuera de los límites al analizar el atributo de lista de canales de los marcos de administración de Wi-Fi. • https://github.com/torvalds/linux/commit/051ae669e4505abbe05165bebf6be7922de11f41 https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html https://lore.kernel.org/r/20221123153543.8568-3-philipturnbull%40github.com https://security.netapp.com/advisory/ntap-20230113-0007 • CWE-787: Out-of-bounds Write •
CVE-2022-47518
https://notcve.org/view.php?id=CVE-2022-47518
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames. Se descubrió un problema en el kernel de Linux anterior a 6.0.11. La falta de validación del número de canales en drivers/net/wireless/microchip/wilc1000/cfg80211.c en el controlador inalámbrico WILC1000 puede provocar un desbordamiento de búfer de almacenamiento dinámico al copiar la lista de canales operativos desde marcos de administración de Wi-Fi. • https://github.com/torvalds/linux/commit/0cdfa9e6f0915e3d243e2393bfa8a22e12d553b0 https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html https://lore.kernel.org/r/20221123153543.8568-5-philipturnbull%40github.com https://security.netapp.com/advisory/ntap-20230113-0007 • CWE-787: Out-of-bounds Write •