CVE-2022-0492 – kernel: cgroups v1 release_agent feature may allow privilege escalation
https://notcve.org/view.php?id=CVE-2022-0492
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. Se ha encontrado una vulnerabilidad en la función cgroup_release_agent_write en el archivo kernel/cgroup/cgroup-v1.c del kernel de Linux. Este fallo, bajo determinadas circunstancias, permite el uso de la función cgroups v1 release_agent para escalar privilegios y saltarse el aislamiento del espacio de nombres de forma no esperada • https://github.com/chenaotian/CVE-2022-0492 https://github.com/SofianeHamlaoui/CVE-2022-0492-Checker https://github.com/yoeelingBin/CVE-2022-0492-Container-Escape https://github.com/T1erno/CVE-2022-0492-Docker-Breakout-Checker-and-PoC https://github.com/bb33bb/CVE-2022-0492 http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html http://packetstormsecurity.com/files/17 • CWE-287: Improper Authentication CWE-862: Missing Authorization •
CVE-2022-0435 – kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
https://notcve.org/view.php?id=CVE-2022-0435
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. Se ha encontrado un fallo de desbordamiento de pila en la funcionalidad del protocolo TIPC del kernel de Linux en la forma en que un usuario envía un paquete con contenido malicioso cuando el número de nodos miembros del dominio es superior a los 64 permitidos. Este fallo permite a un usuario remoto bloquear el sistema o posiblemente escalar sus privilegios si presenta acceso a la red TIPC A stack overflow flaw was found in the Linux kernel’s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. • https://github.com/wlswotmd/CVE-2022-0435 https://bugzilla.redhat.com/show_bug.cgi?id=2048738 https://security.netapp.com/advisory/ntap-20220602-0001 https://www.openwall.com/lists/oss-security/2022/02/10/1 https://access.redhat.com/security/cve/CVE-2022-0435 • CWE-787: Out-of-bounds Write •
CVE-2021-4115 – polkit: file descriptor leak allows an unprivileged user to cause a crash
https://notcve.org/view.php?id=CVE-2021-4115
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned Se presenta un fallo en polkit que puede permitir a un usuario no privilegiado causar un bloqueo de polkit, debido al agotamiento del descriptor de archivos del proceso. La mayor amenaza de esta vulnerabilidad es la disponibilidad. NOTA: La duración de la interrupción del proceso de polkit está ligada al proceso que falla y a la creación de uno nuevo There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. • http://packetstormsecurity.com/files/172849/polkit-File-Descriptor-Exhaustion.html https://access.redhat.com/security/cve/cve-2021-4115 https://gitlab.com/redhat/centos-stream/rpms/polkit/-/merge_requests/6/diffs?commit_id=bf900df04dc390d389e59aa10942b0f2b15c531e https://gitlab.freedesktop.org/polkit/polkit/-/issues/141 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGKWCBS6IDZYYDYM2WIWJM5BL7QQTWPF https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat • CWE-400: Uncontrolled Resource Consumption CWE-403: Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') •
CVE-2022-23645 – Out-of-bounds read in swtpm
https://notcve.org/view.php?id=CVE-2022-23645
swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. • https://github.com/stefanberger/swtpm/commit/9f740868fc36761de27df3935513bdebf8852d19 https://github.com/stefanberger/swtpm/releases/tag/v0.5.3 https://github.com/stefanberger/swtpm/releases/tag/v0.6.2 https://github.com/stefanberger/swtpm/releases/tag/v0.7.1 https://github.com/stefanberger/swtpm/security/advisories/GHSA-2qgm-8xf4-3hqw https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL735FW266GO4C2JX4CJBOIOB7R7AY5A https://access.redhat.com/security/cve/CVE-2022-23645& • CWE-125: Out-of-bounds Read •
CVE-2021-3657
https://notcve.org/view.php?id=CVE-2021-3657
A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution. Se ha encontrado un fallo en mbsync versiones anteriores a 1.4.4. Debido al manejo inapropiado de literales IMAP extremadamente grandes ()=2GiB), los servidores IMAP maliciosos o comprometidos, e hipotéticamente incluso los remitentes de correo electrónico externos, podrían causar varios desbordamientos de búfer diferentes, que podrían ser explotados para una ejecución de código remota • https://bugzilla.redhat.com/show_bug.cgi?id=2028932 https://lists.debian.org/debian-lts-announce/2022/07/msg00001.html https://security.gentoo.org/glsa/202208-15 https://www.openwall.com/lists/oss-security/2021/12/03/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •