CVSS: 6.7EPSS: 0%CPEs: 8EXPL: 0CVE-2021-33655 – kernel: malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory
https://notcve.org/view.php?id=CVE-2021-33655
When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. Cuando son enviados datos maliciosos al kernel mediante ioctl cmd FBIOPUT_VSCREENINFO, el kernel escribirá memoria fuera de límites An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system. • http://www.openwall.com/lists/oss-security/2022/07/19/2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=086ff84617185393a0bbf25830c4f36412a7d3f4 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://www.debian.org/security/2022/dsa-5191 https://access.redhat.com/security/cve/CVE-2021-33655 https://bugzilla.redhat.com/show_bug.cgi?id=2108691 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2022-2318
https://notcve.org/view.php?id=CVE-2022-2318
There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. Se presentan vulnerabilidades de uso de memoria previamente liberada causadas por el manejador del temporizador en el archivo net/rose/rose_timer.c de linux que permiten a atacantes bloquear el kernel de linux sin ningún privilegio • https://github.com/torvalds/linux/commit/9cc02ede696272c5271a401e4f27c262359bc2f6 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://security.netapp.com/advisory/ntap-20230120-0001 https://www.debian.org/security/2022/dsa-5191 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2022-33742
https://notcve.org/view.php?id=CVE-2022-33742
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). Unas fuga de datos de frontends de disco/NIC de Linux Este registro de información de CNA se relaciona con múltiples CVE; el texto explica qué aspectos/vulnerabilidades corresponden a qué CVE.] Las interfaces de dispositivos Linux Block y Network PV no ponen a cero las regiones de memoria antes de compartirlas con el backend (CVE-2022-26365, CVE-2022-33740). • http://www.openwall.com/lists/oss-security/2022/07/05/6 http://xenbits.xen.org/xsa/advisory-403.html https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGFTRZ66KQYTSYIRT5FRHF5D6O72NWOP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q https://www.debian.org/security/2022/dsa-5191 https://xenbits.xenproject.org/xsa/advisory-403&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2022-33741
https://notcve.org/view.php?id=CVE-2022-33741
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). Unas fuga de datos de frontends de disco/NIC de Linux Este registro de información de CNA se relaciona con múltiples CVE; el texto explica qué aspectos/vulnerabilidades corresponden a qué CVE.] Las interfaces de dispositivos Linux Block y Network PV no ponen a cero las regiones de memoria antes de compartirlas con el backend (CVE-2022-26365, CVE-2022-33740). • http://www.openwall.com/lists/oss-security/2022/07/05/6 http://xenbits.xen.org/xsa/advisory-403.html https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGFTRZ66KQYTSYIRT5FRHF5D6O72NWOP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q https://www.debian.org/security/2022/dsa-5191 https://xenbits.xenproject.org/xsa/advisory-403&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2022-33740
https://notcve.org/view.php?id=CVE-2022-33740
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). Unas fuga de datos de frontends de disco/NIC de Linux Este registro de información de CNA se relaciona con múltiples CVE; el texto explica qué aspectos/vulnerabilidades corresponden a qué CVE.] Las interfaces de dispositivos Linux Block y Network PV no ponen a cero las regiones de memoria antes de compartirlas con el backend (CVE-2022-26365, CVE-2022-33740). • http://www.openwall.com/lists/oss-security/2022/07/05/6 http://xenbits.xen.org/xsa/advisory-403.html https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGFTRZ66KQYTSYIRT5FRHF5D6O72NWOP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q https://www.debian.org/security/2022/dsa-5191 https://xenbits.xenproject.org/xsa/advisory-403&# • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •