CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-46393
https://notcve.org/view.php?id=CVE-2022-46393
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. Se descubrió un problema en Mbed TLS anterior a 2.28.2 y 3.x anterior a 3.3.0. Existe un posible desbordamiento de búfer de almacenamiento dinámico y una sobrelectura de búfer de almacenamiento dinámico en DTLS si MBEDTLS_SSL_DTLS_CONNECTION_ID está habilitado y MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. • https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2 https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-46392
https://notcve.org/view.php?id=CVE-2022-46392
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller. Se descubrió un problema en Mbed TLS anterior a 2.28.2 y 3.x anterior a 3.3.0. Un adversario con acceso a información suficientemente precisa sobre los accesos a la memoria (normalmente, un sistema operativo no confiable que ataca un enclave seguro) puede recuperar una clave privada RSA después de observar a la víctima realizando una única operación con clave privada, si el tamaño de la ventana (MBEDTLS_MPI_WINDOW_SIZE) utilizada para la exponenciación es 3 o menor. • https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2 https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB • CWE-203: Observable Discrepancy •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42716 – Arm Mali CSF KBASE_REG_NO_USER_FREE Unsafe Use Use-After-Free
https://notcve.org/view.php?id=CVE-2022-42716
An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r40P0. Se descubrió un problema en el controlador del kernel de GPU Arm Mali. • http://packetstormsecurity.com/files/170420/Arm-Mali-CSF-KBASE_REG_NO_USER_FREE-Unsafe-Use-Use-After-Free.html https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-34830
https://notcve.org/view.php?id=CVE-2022-34830
An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory. Una familia de productos Arm hasta el 29 de junio de 2022 tiene una condición de ejecución TOCTOU que permite a usuarios sin privilegios realizar operaciones de procesamiento de GPU incorrectas para obtener acceso a la memoria ya liberada. • https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities https://developer.arm.com/support/arm-security-updates • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41757
https://notcve.org/view.php?id=CVE-2022-41757
An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to obtain write access to read-only memory, or obtain access to already freed memory. This affects Valhall r29p0 through r38p1 before r38p2, and r39p0 before r40p0. Se descubrió un problema en Arm Mali GPU Kernel Driver. Un usuario sin privilegios puede realizar operaciones de procesamiento de GPU inadecuadas para obtener acceso de escritura a la memoria de solo lectura y obtener acceso a la memoria ya liberada. • https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities •