CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23038
https://notcve.org/view.php?id=CVE-2022-23038
10 Mar 2022 — Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the ... • https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23037
https://notcve.org/view.php?id=CVE-2022-23037
10 Mar 2022 — Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the ... • https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23036
https://notcve.org/view.php?id=CVE-2022-23036
10 Mar 2022 — Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the ... • https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.6EPSS: 0%CPEs: 63EXPL: 0CVE-2022-23960 – hw: cpu: arm64: Spectre-BHB
https://notcve.org/view.php?id=CVE-2022-23960
09 Mar 2022 — Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. Algunos procesadores Arm Cortex y Neoverse versiones hasta 08-03-2022 no restringen apropiadamente la especulación de la caché, también conocida como Spectre-BHB. Un atacante puede aprovec... • http://www.openwall.com/lists/oss-security/2022/03/18/2 •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-23035 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2022-23035
25 Jan 2022 — Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time this cleanup gets invoked, the cleanup attempt may be scheduled to be retried. When multiple interrupts are involved, this scheduling of a retry may get erroneously skipped. At the same time pointers may get cleared... • http://www.openwall.com/lists/oss-security/2022/01/25/4 • CWE-459: Incomplete Cleanup •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-23034 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2022-23034
25 Jan 2022 — A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a mapping can be requested in two steps. The reference count for such a mapping would then mistakenly be decremented twice. Underflow of the counters gets detected, resulting in the triggering of a hypervisor bug check... • http://www.openwall.com/lists/oss-security/2022/01/25/3 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-23033 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2022-23033
25 Jan 2022 — arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set. It is possible to have a valid pagetable entry without the valid bit set when a guest operating system uses set/way cache maintenance instructions. For instance, a guest issuing a set/way cac... • http://www.openwall.com/lists/oss-security/2022/01/25/2 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 9.0EPSS: 4%CPEs: 2EXPL: 1CVE-2022-4949 – AdSanity < 1.8.2 - Authenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2022-4949
25 Jan 2022 — The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload arbitrary files on the affected sites server which makes remote code execution possible. El plugin AdSanity para WordPress es vulnerable a la subida de archivos arbitrarios debido a la falta de validación del tipo de archivo en la func... • http://www.openwall.com/lists/oss-security/2023/11/09/3 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-28713 – Ubuntu Security Notice USN-6014-1
https://notcve.org/view.php?id=CVE-2021-28713
05 Jan 2022 — Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain... • https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-28712 – Debian Security Advisory 5096-1
https://notcve.org/view.php?id=CVE-2021-28712
05 Jan 2022 — Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain... • https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html •