CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 6CVE-2022-32250 – Linux Kernel nf_tables_expr_destroy Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-32250
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. El archivo net/netfilter/nf_tables_api.c en el kernel de Linux versiones hasta 5.18.1, permite a un usuario local (capaz de crear espacios de nombres de usuario/red) escalar privilegios a root porque una comprobación incorrecta de NFT_STATEFUL_EXPR conlleva a un uso de memoria previamente liberada A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the nf_tables_expr_destroy method. • https://github.com/theori-io/CVE-2022-32250-exploit https://github.com/ysanatomic/CVE-2022-32250-LPE https://github.com/Kristal-g/CVE-2022-32250 http://www.openwall.com/lists/oss-security/2022/06/03/1 http://www.openwall.com/lists/oss-security/2022/06/04/1 http://www.openwall.com/lists/oss-security/2022/06/20/1 http://www.openwall.com/lists/oss-security/2022/07/03/5 http://www.openwall.com/lists/oss-security/2022/07/03/6 http://www.openwall&# • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-1943
https://notcve.org/view.php?id=CVE-2022-1943
A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially Se ha encontrado un defecto de escritura en memoria fuera de límites en la funcionalidad del sistema de archivos UDF del kernel de Linux en la forma en que el usuario desencadena alguna operación de archivo que desencadena udf_write_fi(). Un usuario local podría usar este defecto para bloquear el sistema o potencialmente • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1ad35dd0548ce947d97aaf92f7f2f9a202951cf • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2022-1652
https://notcve.org/view.php?id=CVE-2022-1652
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. El Kernel de Linux podría permitir a un atacante local ejecutar código arbitrario en el sistema, causado por un fallo de uso de memoria previamente liberada concurrente en la función bad_flp_intr. Al ejecutar un programa especialmente diseñado, un atacante podría explotar esta vulnerabilidad para ejecutar código arbitrario o causar una condición de denegación de servicio en el sistema • https://bugzilla.redhat.com/show_bug.cgi?id=1832397 https://francozappa.github.io/about-bias https://kb.cert.org/vuls/id/647177 https://security.netapp.com/advisory/ntap-20220722-0002 https://www.debian.org/security/2022/dsa-5173 • CWE-416: Use After Free •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-0168 – kernel: smb2_ioctl_query_info NULL pointer dereference
https://notcve.org/view.php?id=CVE-2022-0168
A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system. Se encontró un problema de denegación de servicio (DOS) en la función smb2_ioctl_query_info del kernel de Linux en el archivo fs/cifs/smb2ops.c Common Internet File System (CIFS) debido a un retorno incorrecto de la función memdup_user. Este fallo permite a un atacante local privilegiado (CAP_SYS_ADMIN) bloquear el sistema. • https://access.redhat.com/security/cve/CVE-2022-0168 https://bugzilla.redhat.com/show_bug.cgi?id=2037386 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d6f5e358452479fa8a773b5c6ccc9e4ec5a20880 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2022-1199
https://notcve.org/view.php?id=CVE-2022-1199
A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. Se ha encontrado un fallo en el kernel de Linux. Este fallo permite a un atacante bloquear el kernel de Linux al simular la radioafición desde el espacio de usuario, resultando en una vulnerabilidad null-ptr-deref y una vulnerabilidad de uso de memoria previamente liberada • https://access.redhat.com/security/cve/CVE-2022-1199 https://bugzilla.redhat.com/show_bug.cgi?id=2070694 https://github.com/torvalds/linux/commit/4e0f718daf97d47cf7dec122da1be970f145c809 https://github.com/torvalds/linux/commit/71171ac8eb34ce7fe6b3267dce27c313ab3cb3ac https://github.com/torvalds/linux/commit/7ec02f5ac8a5be5a3f20611731243dc5e1d9ba10 https://security.netapp.com/advisory/ntap-20221228-0006 https://www.openwall.com/lists/oss-security/2022/04/02/5 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •