CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2022-47521
https://notcve.org/view.php?id=CVE-2022-47521
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames. Se descubrió un problema en el kernel de Linux anterior a 6.0.11. La falta de validación de IEEE80211_P2P_ATTR_CHANNEL_LIST en drivers/net/wireless/microchip/wilc1000/cfg80211.c en el controlador inalámbrico WILC1000 puede desencadenar un desbordamiento de búfer de almacenamiento dinámico al analizar el atributo del canal operativo desde los marcos de administración de Wi-Fi. • https://github.com/torvalds/linux/commit/f9b62f9843c7b0afdaecabbcebf1dbba18599408 https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html https://lore.kernel.org/r/20221123153543.8568-4-philipturnbull%40github.com https://security.netapp.com/advisory/ntap-20230113-0007 • CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0CVE-2022-45919 – kernel: use-after-free due to race condition occurring in dvb_ca_en50221.c
https://notcve.org/view.php?id=CVE-2022-45919
An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.10. En drivers/media/dvb-core/dvb_ca_en50221.c, puede ocurrir un use-after-free si hay una desconexión después de una apertura, debido a la falta de un wait_event. A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the DVB CA EN50221 interface of the DVB core device driver. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=280a8ab81733da8bc442253c700a52c4c0886ffd https://lore.kernel.org/linux-media/20221121063308.GA33821%40ubuntu/T/#u https://security.netapp.com/advisory/ntap-20230113-0008 https://access.redhat.com/security/cve/CVE-2022-45919 https://bugzilla.redhat.com/show_bug.cgi?id=2151956 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2022-45934 – kernel: integer overflow in l2cap_config_req() in net/bluetooth/l2cap_core.c
https://notcve.org/view.php?id=CVE-2022-45934
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.10. l2cap_config_req en net/bluetooth/l2cap_core.c tiene una envoltura de números enteros a través de paquetes L2CAP_CONF_REQ. An integer overflow flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user generates malicious L2CAP_CONF_REQ packets. This flaw allows a local or bluetooth connection user to crash the system. • https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDAKCGDW6CQ6G3RZWYZJO454R3L5CTQB https://security.netapp.com/advisory/ntap-20230113-0008 https://www.debian.org/security/2023/dsa-5324 https://access.redhat.co • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.0EPSS: 0%CPEs: 11EXPL: 0CVE-2022-45885
https://notcve.org/view.php?id=CVE-2022-45885
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.9. drivers/media/dvb-core/dvb_frontend.c tiene una condición de carrera que puede provocar un use-after-free cuando se desconecta un dispositivo. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6769a0b7ee0c3b31e1b22c3fadff2bfb642de23f https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com https://lore.kernel.org/linux-media/20221115131822.6640-2-imv4bel%40gmail.com https://security.netapp.com/advisory/ntap-20230113-0006 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 11EXPL: 0CVE-2022-45888
https://notcve.org/view.php?id=CVE-2022-45888
An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device. Se descubrió un problema en el kernel de Linux hasta la versión 6.0.9. drivers/char/xillybus/xillyusb.c tiene una condición de carrera y uso después de la liberación durante la extracción física de un dispositivo USB. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=282a4b71816b6076029017a7bab3a9dcee12a920 https://lore.kernel.org/all/20221022175404.GA375335%40ubuntu https://security.netapp.com/advisory/ntap-20230113-0006 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •