CVE-2022-1048 – kernel: race condition in snd_pcm_hw_free leading to use-after-free
https://notcve.org/view.php?id=CVE-2022-1048
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. Se ha encontrado un fallo de uso de memoria previamente liberada en el subsistema de sonido del kernel de Linux en la forma en que un usuario desencadena las llamadas concurrentes de PCM hw_params. La ioctls hw_free o una condición de carrera similar ocurre dentro de ALSA PCM para otras ioctls. • https://bugzilla.redhat.com/show_bug.cgi?id=2066706 https://lore.kernel.org/lkml/20220322170720.3529-5-tiwai%40suse.de/T/#m1d3b791b815556012c6be92f1c4a7086b854f7f3 https://security.netapp.com/advisory/ntap-20220629-0001 https://www.debian.org/security/2022/dsa-5127 https://www.debian.org/security/2022/dsa-5173 https://access.redhat.com/security/cve/CVE-2022-1048 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2022-1016 – kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM
https://notcve.org/view.php?id=CVE-2022-1016
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. Se ha encontrado un fallo en el kernel de Linux en el archivo net/netfilter/nf_tables_core.c:nft_do_chain, que puede causar un uso de memoria previamente liberada. Este problema necesita manejar "return" con las precondiciones apropiadas, ya que puede conllevar a un problema de filtrado de información del kernel causado por un atacante local no privilegiado • http://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016 https://access.redhat.com/security/cve/CVE-2022-1016 https://bugzilla.redhat.com/show_bug.cgi?id=2066614 https://seclists.org/oss-sec/2022/q1/205 • CWE-824: Access of Uninitialized Pointer CWE-909: Missing Initialization of Resource •
CVE-2022-1015
https://notcve.org/view.php?id=CVE-2022-1015
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. Se ha encontrado un fallo en el kernel de Linux en el archivo linux/net/netfilter/nf_tables_api.c del subsistema netfilter. Este fallo permite a un usuario local causar un problema de escritura fuera de límites • https://github.com/pqlx/CVE-2022-1015 https://github.com/ysanatomic/CVE-2022-1015 https://github.com/0range1337/CVE-2022-1015 https://github.com/more-kohii/CVE-2022-1015 https://github.com/delsploit/CVE-2022-1015 https://github.com/wlswotmd/CVE-2022-1015 https://github.com/pivik271/CVE-2022-1015 https://github.com/zanezhub/CVE-2022-1015-1016 http://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016 http://packetstormsecurity.com/files/16995 • CWE-787: Out-of-bounds Write •
CVE-2022-29156
https://notcve.org/view.php?id=CVE-2022-29156
drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. El archivo drivers/infiniband/ulp/rtrs/rtrs-clt.c en el kernel de Linux versiones anteriores a 5.16.12, presenta una doble liberación relacionado con rtrs_clt_dev_release • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.12 https://github.com/torvalds/linux/commit/8700af2cc18c919b2a83e74e0479038fd113c15d https://security.netapp.com/advisory/ntap-20220602-0002 • CWE-415: Double Free •
CVE-2022-28893 – kernel: use after free in SUNRPC subsystem
https://notcve.org/view.php?id=CVE-2022-28893
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. El subsistema SUNRPC en el kernel de Linux versiones hasta 5.17.2, puede llamar a xs_xprt_free antes de asegurarse de que los sockets están en el estado deseado A use-after-free flaw was found in the Linux kernel’s net/sunrpc/xprt.c function in the Remote Procedure Call (SunRPC) protocol. This flaw allows a local attacker to crash the system, leading to a kernel information leak issue. • http://www.openwall.com/lists/oss-security/2022/04/11/3 http://www.openwall.com/lists/oss-security/2022/04/11/4 http://www.openwall.com/lists/oss-security/2022/04/11/5 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a3b1bba7c7a5eb8a11513cf88427cb9d77bc60a https://security.netapp.com/advisory/ntap-20220526-0002 https://www.debian.org/security/2022/dsa-5161 https://access.redhat.com/security/cve/CVE-2022-28893 https://bugzilla.redhat.com/s • CWE-416: Use After Free •