CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2022-47519 – Ubuntu Security Notice USN-5950-1
https://notcve.org/view.php?id=CVE-2022-47519
18 Dec 2022 — An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames. Se descubrió un problema en el kernel de Linux anterior a 6.0.11. La falta de validación de IEEE80211_P2P_ATTR_OPER_CHANNEL en drivers/net/wireless/microchip/wilc1000/cfg80211.c en el controlador inalámbrico ... • https://github.com/torvalds/linux/commit/051ae669e4505abbe05165bebf6be7922de11f41 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2022-47520 – Ubuntu Security Notice USN-5939-1
https://notcve.org/view.php?id=CVE-2022-47520
18 Dec 2022 — An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. Se descubrió un problema en el kernel de Linux anterior a 6.0.11. La falta de validación de compensación en drivers/net/wireless/microchip/wilc1000/hif.c en el controlador inalámbrico WILC1000 puede desencadenar una lectura ... • https://github.com/torvalds/linux/commit/cd21d99e595ec1d8721e1058dcdd4f1f7de1d793 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2022-47521 – Ubuntu Security Notice USN-5950-1
https://notcve.org/view.php?id=CVE-2022-47521
18 Dec 2022 — An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames. Se descubrió un problema en el kernel de Linux anterior a 6.0.11. La falta de validación de IEEE80211_P2P_ATTR_CHANNEL_LIST en drivers/net/wireless/microchip/wilc1000/cfg80211.c en el controlador i... • https://github.com/torvalds/linux/commit/f9b62f9843c7b0afdaecabbcebf1dbba18599408 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-4378 – kernel: stack overflow in do_proc_dointvec and proc_skip_spaces
https://notcve.org/view.php?id=CVE-2022-4378
16 Dec 2022 — A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implemen... • http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html • CWE-131: Incorrect Calculation of Buffer Size CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 0CVE-2022-41858 – kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip
https://notcve.org/view.php?id=CVE-2022-41858
16 Dec 2022 — A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. Kirill Tkhai discovered that the XFS file system implementation in the Linux kernel did not calculate size correctly when pre-allocating space in some situations. A local attacker could use this to expose sensitive information. • https://github.com/torvalds/linux/commit/ec4eb8a86ade4d22633e1da2a7d85a846b7d1798 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-4095 – Ubuntu Security Notice USN-5791-3
https://notcve.org/view.php?id=CVE-2022-4095
16 Dec 2022 — A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges. It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel su... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c53b3dcb9942b8ed7f81ee3921c4085d87070c73 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3707 – kernel: Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed
https://notcve.org/view.php?id=CVE-2022-3707
16 Dec 2022 — A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. • https://bugzilla.redhat.com/show_bug.cgi?id=2137979 • CWE-415: Double Free CWE-460: Improper Cleanup on Thrown Exception •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2022-4139 – kernel: i915: Incorrect GPU TLB flush can lead to random memory access
https://notcve.org/view.php?id=CVE-2022-4139
16 Dec 2022 — An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux... • https://bugzilla.redhat.com/show_bug.cgi?id=2147572 • CWE-281: Improper Preservation of Permissions CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-3114 – SUSE Security Advisory - SUSE-SU-2023:0146-1
https://notcve.org/view.php?id=CVE-2022-3114
14 Dec 2022 — An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference. Se descubrió un problema en el kernel de Linux hasta 5.16-rc6. imx_register_uart_clocks en drivers/clk/imx/clk.c carece de verificación del valor de retorno de kcalloc() y provocará la desreferencia del puntero nulo. An update that solves 96 vulnerabilities, contains 50 features and has 246 fixes is now avail... • https://bugzilla.redhat.com/show_bug.cgi?id=2153054 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-3104 – SUSE Security Advisory - SUSE-SU-2023:0146-1
https://notcve.org/view.php?id=CVE-2022-3104
14 Dec 2022 — An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference. Se descubrió un problema en el kernel de Linux hasta 5.16-rc6. lkdtm_ARRAY_BOUNDS en drivers/misc/lkdtm/bugs.c carece de verificación del valor de retorno de kmalloc() y provocará la desreferencia del puntero nulo. An update that solves 14 vulnerabilities, contains three features and has 32 fixes is now availab... • https://bugzilla.redhat.com/show_bug.cgi?id=2153062 • CWE-476: NULL Pointer Dereference •