CVSS: 6.4EPSS: 0%CPEs: 11EXPL: 0CVE-2022-45888
https://notcve.org/view.php?id=CVE-2022-45888
An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.9. drivers/char/xillybus/xillyusb.c tiene una condición de carrera y uso después de la liberación durante la extracción física de un dispositivo USB. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=282a4b71816b6076029017a7bab3a9dcee12a920 https://lore.kernel.org/all/20221022175404.GA375335%40ubuntu https://security.netapp.com/advisory/ntap-20230113-0006 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 11EXPL: 0CVE-2022-45884 – kernel: use-after-free due to race condition occurring in dvb_register_device()
https://notcve.org/view.php?id=CVE-2022-45884
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.9. drivers/media/dvb-core/dvbdev.c tiene un use-after-free, relacionado con dvb_register_device que asigna dinámicamente fops. A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the DVB core device driver. It could occur in the dvb_register_device() function due to the file_operations structure (fops) being dynamically allocated and later kfreed. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3 https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com https://security.netapp.com/advisory/ntap-20230113-0006 https://access.redhat.com/security/cve/CVE-2022-45884 https://bugzilla.redhat.com/show_bug.cgi?id=2148510 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 16EXPL: 0CVE-2022-45886 – kernel: use-after-free due to race condition occurring in dvb_net.c
https://notcve.org/view.php?id=CVE-2022-45886
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.9. drivers/media/dvb-core/dvb_net.c tiene una condición de carrera .disconnect versus dvb_device_open que conduce a un use-after-free. A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the dvb_net component of the DVB core device driver. It could occur between the time the device is disconnected (.disconnect function) and the time the device node is opened (dvb_device_open function). A local user could use this flaw to crash the system or potentially escalate their privileges on the system. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4172385b0c9ac366dcab78eda48c26814b87ed1a https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com https://lore.kernel.org/linux-media/20221115131822.6640-3-imv4bel%40gmail.com https://security.netapp.com/advisory/ntap-20230113-0006 https://access.redhat.com/security/cve/CVE-2022-45886 https://bugzilla.redhat.com/show_bug.cgi?id=2148517 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 11EXPL: 0CVE-2022-45887 – kernel: memory leak in ttusb_dec_exit_dvb() in media/usb/ttusb-dec/ttusb_dec.c
https://notcve.org/view.php?id=CVE-2022-45887
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c tiene una pérdida de memoria debido a la falta de una llamada dvb_frontend_detach. A memory leak issue was found in the Linux kernel media subsystem in the TTUSB DEC driver. It could occur in the ttusb_dec_exit_dvb() function because of the lack of a dvb_frontend_detach call. A local user could trigger this flaw by repeatedly plugging and unplugging the device, potentially causing a denial of service condition. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=517a281338322ff8293f988771c98aaa7205e457 https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com https://lore.kernel.org/linux-media/20221115131822.6640-5-imv4bel%40gmail.com https://security.netapp.com/advisory/ntap-20230113-0006 https://access.redhat.com/security/cve/CVE-2022-45887 https://bugzilla.redhat.com/show_bug.cgi?id=2148520 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2022-43945 – kernel: nfsd buffer overflow by RPC message over TCP with garbage data
https://notcve.org/view.php?id=CVE-2022-43945
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. • http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f90497a16e434c2211c66e3de8e77b17868382b8 https://security.netapp.com/advisory/ntap-20221215-0006 https://access.redhat.com/security/cve/CVE-2022-43945 https://bugzilla.redhat.com/show_bug.cgi?id=2141752 • CWE-131: Incorrect Calculation of Buffer Size CWE-770: Allocation of Resources Without Limits or Throttling •