CVSS: 7.0EPSS: 0%CPEs: 25EXPL: 0CVE-2022-28796
https://notcve.org/view.php?id=CVE-2022-28796
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. La función jbd2_journal_wait_updates en el archivo fs/jbd2/transaction.c en el kernel de Linux versiones anteriores a 5.17.1, presenta un uso de memoria previamente liberada causado por una condición de carrera transaction_t • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.1 https://github.com/torvalds/linux/commit/cc16eecae687912238ee6efbff71ad31e2bc414e https://security.netapp.com/advisory/ntap-20220506-0006 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 3CVE-2022-28805 – lua: heap buffer overread
https://notcve.org/view.php?id=CVE-2022-28805
singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code. singlevar en lparser.c en Lua desde (incluyendo) 5.4.0 hasta (excluyendo) 5.4.4 carece de una determinada llamada a luaK_exp2anyregup, lo que lleva a una sobrelectura del búfer basada en la pila que podría afectar a un sistema que compila código Lua no fiable A heap buffer-overflow vulnerability was found in Lua. The flaw occurs due to vulnerable code present in the lparser.c function of Lua that allows the execution of untrusted Lua code into a system, resulting in malicious activity. • https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA https://lua-users.org/lists/lua-l/2022-02/msg00001.html https://lua-users.org/lists/lua-l/2022-02/msg00070.html https://lua-users.org/lists/lua-l/2022-04/msg00009.html https://security.gentoo.o • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2021-3979 – ceph: Ceph volume does not honour osd_dmcrypt_key_size
https://notcve.org/view.php?id=CVE-2021-3979
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks. Se ha encontrado un fallo de longitud de clave en Red Hat Ceph Storage. Un atacante puede explotar el hecho de que la longitud de la clave se pasa incorrectamente en un algoritmo de cifrado para crear una clave no aleatoria, que es más débil y puede ser explotada para la pérdida de confidencialidad e integridad en los discos cifrados. • https://access.redhat.com/security/cve/CVE-2021-3979 https://bugzilla.redhat.com/show_bug.cgi?id=2024788 https://github.com/ceph/ceph/commit/47c33179f9a15ae95cc1579a421be89378602656 https://github.com/ceph/ceph/pull/44765 https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPOK44BESMIFW6BIOGCN452AKKOIIT6Q https://tracker.ceph.com/issues/54006 • CWE-287: Improper Authentication CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2022-26356
https://notcve.org/view.php?id=CVE-2022-26356
Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty while another CPU is still in the process of tearing down the structures related to a previously enabled log dirty mode (XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive locking between both operations and can lead to entries being added in already freed slots, resulting in a memory leak. Una activación del modo de registro sucio realizada por XEN_DMOP_track_dirty_vram (es llamada HVMOP_track_dirty_vram antes de Xen versión 4.9) es producido con las hiperllamadas de registro sucio en curso. Una llamada a XEN_DMOP_track_dirty_vram con el tiempo apropiado puede habilitar log dirty mientras otra CPU está todavía en el proceso de desmontar las estructuras relacionadas con un modo log dirty previamente habilitado (XEN_DOMCTL_SHADOW_OP_OFF). • http://www.openwall.com/lists/oss-security/2022/04/05/1 http://xenbits.xen.org/xsa/advisory-397.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD https://security.gentoo.org/glsa/202402-07 https://www.debian.org/security/2022/dsa-5117 https://xenbits.xenproject.org/xsa/advisory-397.txt • CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-26361
https://notcve.org/view.php?id=CVE-2022-26361
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. • http://www.openwall.com/lists/oss-security/2022/04/05/3 http://xenbits.xen.org/xsa/advisory-400.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD https://security.gentoo.org/glsa/202402-07 https://www.debian.org/security/2022/dsa-5117 https://xenbits.xenproject.org/xsa/advisory-400.txt •