CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-4144 – QEMU: QXL: qxl_phys2virt unsafe address translation can lead to out-of-bounds read
https://notcve.org/view.php?id=CVE-2022-4144
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition. Se encontró una falla de lectura fuera de los límites en la emulación del dispositivo de visualización QXL en QEMU. La función qxl_phys2virt() no verifica el tamaño de la estructura a la que apunta la dirección física del invitado, lo que potencialmente lee más allá del final del espacio de la barra en páginas adyacentes. • https://bugzilla.redhat.com/show_bug.cgi?id=2148506 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTVPHLLXJ65BUMFBUUZ35F3J632SLFRK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg04143.html https://security.netapp.com/advisory/ntap-20230127-0012 https://access.redhat.com/security/cve/CVE-2022-4144 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3775 – grub2: Heap based out-of-bounds write when redering certain unicode sequences
https://notcve.org/view.php?id=CVE-2022-3775
When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. Al representar ciertas secuencias Unicode, el código de fuente de grub2 no se valida correctamente si el ancho y alto del glifo informado están restringidos dentro del tamaño del mapa de bits. Como consecuencia, un atacante puede crear una entrada que provocará una escritura fuera de los límites en el montón de grub2, lo que provocará daños en la memoria y problemas de disponibilidad. • https://access.redhat.com/security/cve/cve-2022-3775 https://security.gentoo.org/glsa/202311-14 https://access.redhat.com/security/cve/CVE-2022-3775 https://bugzilla.redhat.com/show_bug.cgi?id=2138880 • CWE-787: Out-of-bounds Write •
CVSS: 8.6EPSS: 0%CPEs: 12EXPL: 0CVE-2022-2601 – grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass
https://notcve.org/view.php?id=CVE-2022-2601
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism. Se encontró un desbordamiento del búfer en grub_font_construct_glyph(). Una fuente pf2 manipulada maliciosamente puede provocar un desbordamiento al calcular el valor max_glyph_size, asignando un búfer más pequeño de lo necesario para el glifo, lo que además provoca un desbordamiento del búfer y una escritura fuera de los límites basada en el heap. • https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0 https://security.gentoo.org/glsa/202311-14 https://security.netapp.com/advisory/ntap-20230203-0004 https://access.redhat.com/security/cve/CVE-2022-2601 https://bugzilla.redhat.com/show_bug.cgi?id=2112975 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-3500 – keylime: exception handling and impedance match in tornado_requests
https://notcve.org/view.php?id=CVE-2022-3500
A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore. Se encontró una vulnerabilidad en keylime. Este problema de seguridad ocurre en algunas circunstancias, debido a algunas excepciones manejadas incorrectamente, existe la posibilidad de que un agente deshonesto pueda crear errores en el verificador que detuviera los intentos de atestación para ese host dejándolo en un estado atestado pero sin verificarlo más. A vulnerability was found in keylime. • https://access.redhat.com/security/cve/CVE-2022-3500 https://github.com/keylime/keylime/pull/1128 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUTHMDVFNGGVPCNPOGULMJAAFEP7MEXP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QX4XVCAUFGJ2I2NCTOKONTJGRJB2NBBT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQH5CJRX65QYMQN5WGUKKKE3IRJBWG5Z https://bugzilla.redhat.com/show_bug.cgi?id=2135343 • CWE-248: Uncaught Exception •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3787 – device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux
https://notcve.org/view.php?id=CVE-2022-3787
A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root. • https://bugzilla.redhat.com/show_bug.cgi?id=2138959 https://access.redhat.com/security/cve/CVE-2022-3787 • CWE-285: Improper Authorization •