CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0CVE-2022-28389
https://notcve.org/view.php?id=CVE-2022-28389
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. La función mcba_usb_start_xmit en el archivo drivers/net/can/usb/mcba_usb.c en el kernel de Linux versiones hasta 5.17.1, presenta una doble liberación • https://github.com/torvalds/linux/commit/04c9b00ba83594a29813d6b1fb8fdc93a3915174 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT https://security.netapp.com/advisory/ntap-20220513-0001 https://www.debian.org/security/2022/dsa-512 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2022-28390 – kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c
https://notcve.org/view.php?id=CVE-2022-28390
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. La función ems_usb_start_xmit en el archivo drivers/net/can/usb/ems_usb.c en el kernel de Linux versiones hasta 5.17.1, presenta una doble liberación A double-free flaw was found in the Linux kernel in the ems_usb_start_xmit function. This flaw allows an attacker to create a memory leak and corrupt the underlying data structure by calling free more than once. • https://github.com/torvalds/linux/commit/c70222752228a62135cee3409dccefd494a24646 https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT https://security.netapp.com/advis • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-28356
https://notcve.org/view.php?id=CVE-2022-28356
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. En el kernel de Linux versiones anteriores a 5.17.1, se encontró un bug de filtrado de refcount en el archivo net/llc/af_llc.c • http://www.openwall.com/lists/oss-security/2022/04/06/1 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1 https://github.com/torvalds/linux/commit/764f4eb6846f5475f1244767d24d25dd86528a4a https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://security.netapp.com/advisory/ntap-20220506-0006 https://www.debian.org/security/2022/dsa-5127 https://www.debian.org/security/2022/dsa-5173 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3847
https://notcve.org/view.php?id=CVE-2021-3847
An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system. Se encontró un acceso no autorizado a la ejecución del archivo setuid con fallo de capacidades en el subsistema OverlayFS del kernel de Linux en la forma en que el usuario copia un archivo capaz de un montaje nosuid en otro montaje. Un usuario local podría usar este fallo para escalar sus privilegios en el sistema • https://bugzilla.redhat.com/show_bug.cgi?id=2009704 https://www.openwall.com/lists/oss-security/2021/10/14/3 • CWE-281: Improper Preservation of Permissions •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2022-0998
https://notcve.org/view.php?id=CVE-2022-0998
An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system. Se ha encontrado un fallo de desbordamiento de enteros en el código del controlador del dispositivo virtio del kernel de Linux en la forma en que un usuario desencadena la función vhost_vdpa_config_validate. Este fallo permite que un usuario local se bloquee o escale potencialmente sus privilegios en el sistema • http://www.openwall.com/lists/oss-security/2022/04/02/1 https://lore.kernel.org/netdev/20220123001216.2460383-13-sashal%40kernel.org https://security.netapp.com/advisory/ntap-20220513-0003 • CWE-190: Integer Overflow or Wraparound •