CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-42896 – Info Leak in l2cap_core in the Linux Kernel
https://notcve.org/view.php?id=CVE-2022-42896
There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url Existen vulnerabilidades de use-after-free en las funciones l2cap_connect y l2cap_le_connect_req del kernel de Linux net/bluetooth/l2cap_core.c que pueden permitir la ejecución de código y la pérdida de memoria del kernel (respectivamente) de forma remota a través de Bluetooth. Un atacante remoto podría ejecutar código que filtre la memoria del kernel a través de Bluetooth si se encuentra cerca de la víctima. Recomendamos actualizar al commit anterior https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could execute code leaking kernel memory via Bluetooth if within proximity of the victim. • https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://kernel.dance/#711f8c3fb3db61897080468586b970c87c61d9e4 https://access.redhat.com/security/cve/CVE-2022-42896 https://bugzilla.redhat.com/show_bug.cgi?id=2147364 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 2CVE-2022-3910 – Use after free in IO_uring in the Linux Kernel
https://notcve.org/view.php?id=CVE-2022-3910
Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 La vulnerabilidad de Use After Free en el kernel de Linux permite la escalada de privilegios. Una actualización incorrecta del recuento de referencias en io_uring conduce a un use-after-free y escalada de privilegios locales. Cuando se invocó io_msg_ring con un archivo fijo, llamó a io_fput_file(), lo que disminuyó incorrectamente su recuento de referencias (lo que llevó a Use-After-Free y Escalada de privilegios locales). • https://github.com/veritas501/CVE-2022-3910 https://github.com/TLD1027/CVE-2022-3910 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://kernel.dance/#fc7222c3a9f56271fba02aabbfbae999042f1679 • CWE-416: Use After Free •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3903
https://notcve.org/view.php?id=CVE-2022-3903
An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system. Se encontró una falla de solicitud de lectura incorrecta en el controlador USB del transceptor de infrarrojos en el kernel de Linux. Este problema ocurre cuando un usuario conecta un dispositivo USB malicioso. • https://lore.kernel.org/all/CAB7eexLLApHJwZfMQ=X-PtRhw0BgO+5KcSMS05FNUYejJXqtSA%40mail.gmail.com https://lore.kernel.org/all/E1obysd-009Grw-He%40www.linuxtv.org • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3238
https://notcve.org/view.php?id=CVE-2022-3238
A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system. Se encontró una falla de doble liberación en el subsistema NTFS3 del kernel de Linux en la forma en que un usuario activa el montaje y el desmontaje simultáneamente. Esta falla permite que un usuario local falle o potencialmente aumente sus privilegios en el sistema. • https://bugzilla.redhat.com/show_bug.cgi?id=2127927 • CWE-415: Double Free CWE-459: Incomplete Cleanup •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2022-43945 – kernel: nfsd buffer overflow by RPC message over TCP with garbage data
https://notcve.org/view.php?id=CVE-2022-43945
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. • http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f90497a16e434c2211c66e3de8e77b17868382b8 https://security.netapp.com/advisory/ntap-20221215-0006 https://access.redhat.com/security/cve/CVE-2022-43945 https://bugzilla.redhat.com/show_bug.cgi?id=2141752 • CWE-131: Incorrect Calculation of Buffer Size CWE-770: Allocation of Resources Without Limits or Throttling •