CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3176 – Use-after-free in io_uring in Linux Kernel
https://notcve.org/view.php?id=CVE-2022-3176
There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit?h=linux-5.4.y&id=fc78b2fc21f10c4c9c4d5d659a685710ffa63659 https://kernel.dance/#fc78b2fc21f10c4c9c4d5d659a685710ffa63659 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://security.netapp.com/advisory/ntap-20230216-0003 https://www.debian.org/security/2022/dsa-5257 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40476
https://notcve.org/view.php?id=CVE-2022-40476
A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service. Se ha detectado un problema de desreferencia de puntero null en el archivo fs/io_uring.c en el kernel de Linux versiones anteriores a 5.15.62. Un usuario local podría usar este fallo para bloquear el sistema o causar potencialmente una denegación de servicio • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/fs/io_uring.c?h=v5.15.61&id=3746d62ecf1c872a520c4866118edccb121c44fd https://lore.kernel.org/lkml/CAO4S-mdVW5GkODk0+vbQexNAAJZopwzFJ9ACvRCJ989fQ4A6Ow%40mail.gmail.com https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.62 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-2977
https://notcve.org/view.php?id=CVE-2022-2977
A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system. Se ha encontrado un fallo en la implementación del kernel de Linux de los dispositivos TPM virtualizados proxy. En un sistema donde los dispositivos TPM virtualizados están configurados (esto no es lo predeterminado) un atacante local puede crear un uso de memoria previamente liberada y crear una situación donde puede ser posible escalar privilegios en el sistema • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d8e7007dc7c4d7c8366739bbcd3f5e51dcd470f https://security.netapp.com/advisory/ntap-20230214-0006 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2022-3202
https://notcve.org/view.php?id=CVE-2022-3202
A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information. Un fallo de desreferencia de puntero NULL en diFree en el archivo fs/jfs/inode.c en Journaled File System (JFS) en el kernel de Linux. Esto podría permitir a un atacante local bloquear el sistema o filtrar información interna del kernel • https://github.com/torvalds/linux/commit/a53046291020ec41e09181396c1e829287b48d47 https://security.netapp.com/advisory/ntap-20221228-0007 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3170
https://notcve.org/view.php?id=CVE-2022-3170
An out-of-bounds access issue was found in the Linux kernel sound subsystem. It could occur when the 'id->name' provided by the user did not end with '\0'. A privileged local user could pass a specially crafted name through ioctl() interface and crash the system or potentially escalate their privileges on the system. Se ha encontrado un problema de acceso fuera de límites en el subsistema de sonido del kernel de Linux. Podía ocurrir cuando el "id-)name proporcionado por el usuario no terminaba con "\0". • https://github.com/torvalds/linux/commit/5934d9a0383619c14df91af8fd76261dc3de2f5f https://github.com/torvalds/linux/commit/6ab55ec0a938c7f943a4edba3d6514f775983887 • CWE-125: Out-of-bounds Read •