CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 0CVE-2022-41858 – kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip
https://notcve.org/view.php?id=CVE-2022-41858
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. • https://github.com/torvalds/linux/commit/ec4eb8a86ade4d22633e1da2a7d85a846b7d1798 https://security.netapp.com/advisory/ntap-20230223-0006 https://access.redhat.com/security/cve/CVE-2022-41858 https://bugzilla.redhat.com/show_bug.cgi?id=2144379 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-47929 – kernel: NULL pointer dereference in traffic control subsystem
https://notcve.org/view.php?id=CVE-2022-47929
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c. A NULL pointer dereference flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux kernel. This issue may allow a local unprivileged user to trigger a denial of service if the alloc_workqueue function return is not validated in time of failure, resulting in a system crash or leaked internal kernel information. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.6 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96398560f26aa07e8f2969d73c8197e6a6d10407 https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://tldp.org/HOWTO/Traffic-Control-HOWTO/components.html https://www.debian.org/security/2023/dsa-5324 https://www.spinics.net/lists/netdev/msg555705.html https:// • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-23559
https://notcve.org/view.php?id=CVE-2023-23559
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. En rndis_query_oid en drivers/net/wireless/rndis_wlan.c en el kernel de Linux hasta 6.1.5, hay un desbordamiento de enteros en una suma. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b870e73a56c4cccbec33224233eaf295839f228c https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich%40gmail.com https://security.netapp.com/advisory/ntap-20230302-0003 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2022-4139 – kernel: i915: Incorrect GPU TLB flush can lead to random memory access
https://notcve.org/view.php?id=CVE-2022-4139
An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. • https://bugzilla.redhat.com/show_bug.cgi?id=2147572 https://security.netapp.com/advisory/ntap-20230309-0004 https://www.openwall.com/lists/oss-security/2022/11/30/1 https://access.redhat.com/security/cve/CVE-2022-4139 • CWE-281: Improper Preservation of Permissions CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4842
https://notcve.org/view.php?id=CVE-2022-4842
A flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver function attr_punch_hole() was found. A local user could use this flaw to crash the system. Se encontró una falla en la desreferencia del puntero NULL en la función del controlador NTFS3 del kernel de Linux attr_punch_hole(). Un usuario local podría utilizar esta falla para bloquear el sistema. • https://lore.kernel.org/ntfs3/784f82c4-de71-b8c3-afd6-468869a369af%40paragon-software.com/T/#t • CWE-476: NULL Pointer Dereference •