CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-39189 – kernel: TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning
https://notcve.org/view.php?id=CVE-2022-39189
An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. Se ha detectado un problema en el subsistema KVM x86 en el kernel de Linux versiones anteriores a 5.18.17. Los usuarios invitados no privilegiados pueden comprometer el kernel invitado porque las operaciones de vaciado del TLB son manejadas inapropiadamente en determinadas situaciones de KVM_VCPU_PREEMPTED A flaw was found in the x86 KVM subsystem in kvm_steal_time_set_preempted in arch/x86/kvm/x86.c in the Linux kernel. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. • https://bugs.chromium.org/p/project-zero/issues/detail?id=2309 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.17 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6cd88243c7e03845a450795e134b488fc2afb736 https://github.com/torvalds/linux/commit/6cd88243c7e03845a450795e134b488fc2afb736 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security.netapp.com/advisory/ntap-20230214-0007 https://www.debian.org/security/2023/dsa-5480 https:/ • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3078
https://notcve.org/view.php?id=CVE-2022-3078
An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c. Se ha detectado un problema en el kernel de Linux versiones hasta 5.16-rc6. Se presenta una falta de comprobación después de llamar a vzalloc() y una falta de liberación después de la asignación en drivers/media/test-drivers/vidtv/vidtv_s302m.c • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=e6a21a14106d9718aa4f8e115b1e474888eeba44 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 4CVE-2022-2639 – kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()
https://notcve.org/view.php?id=CVE-2022-2639
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. Se ha encontrado un error de coerción de enteros en el módulo del kernel openvswitch. Dado un número suficientemente grande de acciones, mientras ses copiado y es reservada memoria para una nueva acción de un nuevo flujo, la función reserve_sfa_size() no devuelve -EMSGSIZE como es esperado, conllevando potencialmente a un acceso de escritura fuera de límites. • https://github.com/bb33bb/CVE-2022-2639-PipeVersion https://github.com/letsr00t/-2022-LOCALROOT-CVE-2022-2639 https://github.com/EkamSinghWalia/Detection-and-Mitigation-for-CVE-2022-2639 https://bugzilla.redhat.com/show_bug.cgi?id=2084479 https://github.com/torvalds/linux/commit/cefa91b2332d7009bc0be5d951d6cbbf349f90f8 https://access.redhat.com/security/cve/CVE-2022-2639 • CWE-192: Integer Coercion Error CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-27784
https://notcve.org/view.php?id=CVE-2020-27784
A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free(). Se encontró una vulnerabilidad en el kernel de Linux, donde al acceder a una instancia desasignada en printer_ioctl() printer_ioctl() intenta acceder a una instancia de printer_dev. Sin embargo, es producido un uso de memoria previamente liberada porque había sido liberada por la función gprinter_free() • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e8d5f92b8d30bb4ade76494490c3c065e12411b1 • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3061
https://notcve.org/view.php?id=CVE-2022-3061
Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error. Se ha encontrado un fallo en el Kernel de Linux en el controlador i740. El programa de espacio de usuario podía pasar cualquier valor al controlador mediante la interfaz ioctl(). • https://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev.git/commit/?id=15cf0b82271b1823fb02ab8c377badba614d95d5 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://www.debian.org/security/2022/dsa-5257 • CWE-369: Divide By Zero •