CVE-2022-32292 – ConnMan received_data Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-32292
In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component can exploit a heap-based buffer overflow in received_data to execute code. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ConnMan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the received_data method. Crafted data in an HTTP response can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the ConnMan process. This vulnerability was demonstrated on a Tesla Model 3 during the Pwn2Own 2022 Vancouver competition.
• https://bugzilla.suse.com/show_bug.cgi?id=1200189 https://lore.kernel.org/connman/20220801080043.4861-5-wagi%40monom.org https://security.gentoo.org/glsa/202310-21 https://www.debian.org/security/2022/dsa-5231
• CWE-787: Out-of-bounds Write
CVE-2022-32293 – ConnMan wispr_portal_web_result wp_object Double Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-32293
In ConnMan through 1.41, a man-in-the-middle attack against a WISPr HTTP query could be used to trigger a use-after-free in WISPr handling, leading to crashes or code execution. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ConnMan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wispr_portal_web_result method. The issue results from the lack of validation of the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the ConnMan process. This vulnerability was demonstrated on a Tesla Model 3 during the Pwn2Own 2022 Vancouver competition.
• https://bugzilla.suse.com/show_bug.cgi?id=1200190 https://lore.kernel.org/connman/20220801080043.4861-1-wagi%40monom.org https://lore.kernel.org/connman/20220801080043.4861-3-wagi%40monom.org https://security.gentoo.org/glsa/202310-21 https://www.debian.org/security/2022/dsa-5231
• CWE-416: Use After Free
CVE-2022-29901 – Arbitrary Memory Disclosure through CPU Side-Channel Attacks (Retbleed)
https://notcve.org/view.php?id=CVE-2022-29901
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. A flaw was found in hardware. Non-transparent sharing of branch predictor targets between contexts in some Intel(R) processors may potentially allow an authorized user to enable information disclosure via local access.
• http://www.openwall.com/lists/oss-security/2022/07/12/2 http://www.openwall.com/lists/oss-security/2022/07/12/4 http://www.openwall.com/lists/oss-security/2022/07/12/5 http://www.openwall.com/lists/oss-security/2022/07/13/1 https://comsec.ethz.ch/retbleed https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fed
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-668: Exposure of Resource to Wrong Sphere
CVE-2022-24436
https://notcve.org/view.php?id=CVE-2022-24436
Observable behavior in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.
• https://security.netapp.com/advisory/ntap-20220624-0007 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html
• CWE-203: Observable Discrepancy
CVE-2022-21180
https://notcve.org/view.php?id=CVE-2022-21180
Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.
• http://www.openwall.com/lists/oss-security/2022/06/16/1 https://security.netapp.com/advisory/ntap-20220624-0006 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00645.html
• CWE-20: Improper Input Validation