Vulnerability-Lookup

alsa-2022:7444

Vulnerability from osv_almalinux

Published

2022-11-08 00:00

Modified

2022-11-12 03:10

Summary

Moderate: kernel-rt security and bug fix update

Details

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)
Race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)
use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)
Memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)
smb2_ioctl_query_info NULL Pointer Dereference (CVE-2022-0168)
NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)
swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)
Uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)
Race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)
use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)
use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)
NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)
buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)
nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)
openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)
use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)
net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)
possible to use the debugger to write zero into a location of choice (CVE-2022-21499)
Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)
Memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)
Double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)
Use after free in SUNRPC subsystem (CVE-2022-28893)
use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)
DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)
nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2022:7444	ADVISORY
	https://access.redhat.com/security/cve/CVE-2020-36516	REPORT
	https://access.redhat.com/security/cve/CVE-2020-36558	REPORT
	https://access.redhat.com/security/cve/CVE-2021-30002	REPORT
	https://access.redhat.com/security/cve/CVE-2021-3640	REPORT
	https://access.redhat.com/security/cve/CVE-2022-0168	REPORT
	https://access.redhat.com/security/cve/CVE-2022-0617	REPORT
	https://access.redhat.com/security/cve/CVE-2022-0854	REPORT
	https://access.redhat.com/security/cve/CVE-2022-1016	REPORT
	https://access.redhat.com/security/cve/CVE-2022-1048	REPORT
	https://access.redhat.com/security/cve/CVE-2022-1055	REPORT
	https://access.redhat.com/security/cve/CVE-2022-1184	REPORT
	https://access.redhat.com/security/cve/CVE-2022-1852	REPORT
	https://access.redhat.com/security/cve/CVE-2022-20368	REPORT
	https://access.redhat.com/security/cve/CVE-2022-2078	REPORT
	https://access.redhat.com/security/cve/CVE-2022-21499	REPORT
	https://access.redhat.com/security/cve/CVE-2022-24448	REPORT
	https://access.redhat.com/security/cve/CVE-2022-2586	REPORT
	https://access.redhat.com/security/cve/CVE-2022-26373	REPORT
	https://access.redhat.com/security/cve/CVE-2022-2639	REPORT
	https://access.redhat.com/security/cve/CVE-2022-27950	REPORT
	https://access.redhat.com/security/cve/CVE-2022-28390	REPORT
	https://access.redhat.com/security/cve/CVE-2022-28893	REPORT
	https://access.redhat.com/security/cve/CVE-2022-2938	REPORT
	https://access.redhat.com/security/cve/CVE-2022-29581	REPORT
	https://access.redhat.com/security/cve/CVE-2022-36946	REPORT
	https://bugzilla.redhat.com/1946279	REPORT
	https://bugzilla.redhat.com/1980646	REPORT
	https://bugzilla.redhat.com/2037386	REPORT
	https://bugzilla.redhat.com/2051444	REPORT
	https://bugzilla.redhat.com/2053632	REPORT
	https://bugzilla.redhat.com/2058395	REPORT
	https://bugzilla.redhat.com/2059928	REPORT
	https://bugzilla.redhat.com/2066614	REPORT
	https://bugzilla.redhat.com/2066706	REPORT
	https://bugzilla.redhat.com/2069408	REPORT
	https://bugzilla.redhat.com/2070205	REPORT
	https://bugzilla.redhat.com/2070220	REPORT
	https://bugzilla.redhat.com/2073064	REPORT
	https://bugzilla.redhat.com/2074208	REPORT
	https://bugzilla.redhat.com/2084183	REPORT
	https://bugzilla.redhat.com/2084479	REPORT
	https://bugzilla.redhat.com/2088021	REPORT
	https://bugzilla.redhat.com/2089815	REPORT
	https://bugzilla.redhat.com/2096178	REPORT
	https://bugzilla.redhat.com/2112693	REPORT
	https://bugzilla.redhat.com/2114878	REPORT
	https://bugzilla.redhat.com/2115065	REPORT
	https://bugzilla.redhat.com/2115278	REPORT
	https://bugzilla.redhat.com/2120175	REPORT
	https://bugzilla.redhat.com/2123695	REPORT
	https://errata.almalinux.org/8/ALSA-2022-7444.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-425.3.1.rt7.213.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-425.3.1.rt7.213.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-debug"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-425.3.1.rt7.213.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-debug-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-425.3.1.rt7.213.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-debug-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-425.3.1.rt7.213.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-debug-kvm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-425.3.1.rt7.213.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-debug-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-425.3.1.rt7.213.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-debug-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-425.3.1.rt7.213.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-425.3.1.rt7.213.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-kvm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-425.3.1.rt7.213.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-425.3.1.rt7.213.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-rt-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-425.3.1.rt7.213.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* off-path attacker may inject data or terminate victim\u0027s TCP session (CVE-2020-36516)\n* Race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)\n* use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n* Memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)\n* smb2_ioctl_query_info NULL Pointer Dereference (CVE-2022-0168)\n* NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n* swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n* Uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n* Race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n* use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\n* use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n* NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n* buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)\n* nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n* openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n* use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)\n* net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n* possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n* Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n* Memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)\n* Double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n* Use after free in SUNRPC subsystem (CVE-2022-28893)\n* use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n* DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n* nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2022:7444",
  "modified": "2022-11-12T03:10:35Z",
  "published": "2022-11-08T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2022:7444"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2020-36516"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2020-36558"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2021-30002"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2021-3640"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-0168"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-0617"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-0854"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-1016"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-1048"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-1055"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-1184"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-1852"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-20368"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-2078"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-21499"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-24448"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-2586"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-26373"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-2639"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-27950"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-28390"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-28893"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-2938"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-29581"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-36946"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/1946279"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/1980646"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2037386"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2051444"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2053632"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2058395"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2059928"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2066614"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2066706"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2069408"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2070205"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2070220"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2073064"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2074208"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2084183"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2084479"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2088021"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2089815"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2096178"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2112693"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2114878"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2115065"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2115278"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2120175"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2123695"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2022-7444.html"
    }
  ],
  "related": [
    "CVE-2020-36516",
    "CVE-2020-36558",
    "CVE-2021-3640",
    "CVE-2021-30002",
    "CVE-2022-0168",
    "CVE-2022-0617",
    "CVE-2022-0854",
    "CVE-2022-1016",
    "CVE-2022-1048",
    "CVE-2022-1055",
    "CVE-2022-1184",
    "CVE-2022-1852",
    "CVE-2022-2078",
    "CVE-2022-2586",
    "CVE-2022-2639",
    "CVE-2022-2938",
    "CVE-2022-20368",
    "CVE-2022-21499",
    "CVE-2022-26373",
    "CVE-2022-27950",
    "CVE-2022-28390",
    "CVE-2022-28893",
    "CVE-2022-29581",
    "CVE-2022-36946",
    "CVE-2022-24448"
  ],
  "summary": "Moderate: kernel-rt security and bug fix update"
}

CVE-2020-36516 (GCVE-0-2020-36516)

Vulnerability from cvelistv5 – Published: 2022-02-26 03:14 – Updated: 2024-08-04 17:30

Summary

An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

2 references

URL	Tags
https://dl.acm.org/doi/10.1145/3372297.3417884	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2022033…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:30:08.304Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://dl.acm.org/doi/10.1145/3372297.3417884"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220331-0003/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim\u0027s TCP session or terminate that session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-31T08:06:10.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://dl.acm.org/doi/10.1145/3372297.3417884"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220331-0003/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-36516",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim\u0027s TCP session or terminate that session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://dl.acm.org/doi/10.1145/3372297.3417884",
              "refsource": "MISC",
              "url": "https://dl.acm.org/doi/10.1145/3372297.3417884"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220331-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220331-0003/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36516",
    "datePublished": "2022-02-26T03:14:46.000Z",
    "dateReserved": "2022-02-26T00:00:00.000Z",
    "dateUpdated": "2024-08-04T17:30:08.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-36558 (GCVE-0-2020-36558)

Vulnerability from cvelistv5 – Published: 2022-07-21 03:46 – Updated: 2024-08-04 17:30

Summary

A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

2 references

URL	Tags
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:30:08.247Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cd1ed50efd88261298577cd92a14f2768eddeeb"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-21T03:46:33.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cd1ed50efd88261298577cd92a14f2768eddeeb"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.7"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-36558",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cd1ed50efd88261298577cd92a14f2768eddeeb",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cd1ed50efd88261298577cd92a14f2768eddeeb"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.7",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.7"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36558",
    "datePublished": "2022-07-21T03:46:33.000Z",
    "dateReserved": "2022-07-21T00:00:00.000Z",
    "dateUpdated": "2024-08-04T17:30:08.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-30002 (GCVE-0-2021-30002)

Vulnerability from cvelistv5 – Published: 2021-04-02 04:18 – Updated: 2024-08-03 22:24

Summary

An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

4 references

URL	Tags
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
https://bugzilla.suse.com/show_bug.cgi?id=1184120	x_refsource_MISC
https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:24:59.350Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb18802a338b36f675a388fc03d2aa504a0d0899"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1184120"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.3"
          },
          {
            "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-23T01:06:37.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb18802a338b36f675a388fc03d2aa504a0d0899"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1184120"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.3"
        },
        {
          "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-30002",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb18802a338b36f675a388fc03d2aa504a0d0899",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb18802a338b36f675a388fc03d2aa504a0d0899"
            },
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1184120",
              "refsource": "MISC",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1184120"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.3",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.3"
            },
            {
              "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-30002",
    "datePublished": "2021-04-02T04:18:01.000Z",
    "dateReserved": "2021-04-02T00:00:00.000Z",
    "dateUpdated": "2024-08-03T22:24:59.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3640 (GCVE-0-2021-3640)

Vulnerability from cvelistv5 – Published: 2022-03-03 22:04 – Updated: 2024-08-03 17:01

Summary

A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.

Severity ?

No CVSS data available.

CWE

CWE-362 - - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), CWE-416 - Use After Free.

Assigner

redhat

References

9 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=1980646	x_refsource_MISC
https://ubuntu.com/security/CVE-2021-3640	x_refsource_MISC
https://www.openwall.com/lists/oss-security/2021/…	x_refsource_MISC
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
https://github.com/torvalds/linux/commit/99c23da0…	x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2022/dsa-5096	vendor-advisoryx_refsource_DEBIAN
https://security.netapp.com/advisory/ntap-2022041…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
n/a	kernel	Affected: Affects kernel v5.15.3 and prior, Fixed in v5.16-rc1 and above.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:07.744Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980646"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/CVE-2021-3640"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2021/07/22/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/bluetooth/sco.c?h=v5.16\u0026id=99c23da0eed4fd20cae8243f2b51e10e66aa0951"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/99c23da0eed4fd20cae8243f2b51e10e66aa0951"
          },
          {
            "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
          },
          {
            "name": "DSA-5096",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5096"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220419-0003/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Affects kernel v5.15.3 and prior, Fixed in v5.16-rc1 and above."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027), CWE-416 - Use After Free.",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T18:06:25.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980646"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ubuntu.com/security/CVE-2021-3640"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2021/07/22/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/bluetooth/sco.c?h=v5.16\u0026id=99c23da0eed4fd20cae8243f2b51e10e66aa0951"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/99c23da0eed4fd20cae8243f2b51e10e66aa0951"
        },
        {
          "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
        },
        {
          "name": "DSA-5096",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5096"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220419-0003/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3640",
    "datePublished": "2022-03-03T22:04:15.000Z",
    "dateReserved": "2021-07-09T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:01:07.744Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0168 (GCVE-0-2022-0168)

Vulnerability from cvelistv5 – Published: 2022-08-26 17:25 – Updated: 2024-08-02 23:18

Summary

A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.

Severity ?

No CVSS data available.

CWE

CWE-476 - - NULL Pointer Dereference

Assigner

redhat

References

3 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=2037386	x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2022-0168	x_refsource_MISC
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	kernel	Affected: Affects v5.4–5.12, v5.13-rc+HEAD

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.954Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037386"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2022-0168"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d6f5e358452479fa8a773b5c6ccc9e4ec5a20880"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Affects v5.4\u20135.12, v5.13-rc+HEAD"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service (DOS) issue was found in the Linux kernel\u2019s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 - NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-26T17:25:46.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037386"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2022-0168"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d6f5e358452479fa8a773b5c6ccc9e4ec5a20880"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-0168",
    "datePublished": "2022-08-26T17:25:46.000Z",
    "dateReserved": "2022-01-10T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:18:41.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0617 (GCVE-0-2022-0617)

Vulnerability from cvelistv5 – Published: 2022-02-16 16:38 – Updated: 2024-08-02 23:32

Summary

A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2.

Severity ?

No CVSS data available.

CWE

CWE-476

Assigner

redhat

References

8 references

URL	Tags
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
https://lore.kernel.org/lkml/20220114172329.ygzry…	x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2022/dsa-5095	vendor-advisoryx_refsource_DEBIAN
https://www.debian.org/security/2022/dsa-5096	vendor-advisoryx_refsource_DEBIAN
http://www.openwall.com/lists/oss-security/2022/04/13/2	mailing-listx_refsource_MLIST

Impacted products

1 product

Vendor	Product	Version
n/a	Kernel	Affected: Linux kernel 5.17-rc2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:32:46.477Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fc3b7c2981bbd1047916ade327beccb90994eee"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea8569194b43f0f01f0a84c689388542c7254a1f"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/lkml/20220114172329.ygzry5rlz64ua2nr%40quack3.lan/T/"
          },
          {
            "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
          },
          {
            "name": "DSA-5095",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5095"
          },
          {
            "name": "DSA-5096",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5096"
          },
          {
            "name": "[oss-security] 20220413 CVE-2022-0617: udf:A null-ptr-deref bug be triggered when write to an ICB inode",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/04/13/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux kernel 5.17-rc2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-13T17:06:43.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fc3b7c2981bbd1047916ade327beccb90994eee"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea8569194b43f0f01f0a84c689388542c7254a1f"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lore.kernel.org/lkml/20220114172329.ygzry5rlz64ua2nr%40quack3.lan/T/"
        },
        {
          "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
        },
        {
          "name": "DSA-5095",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5095"
        },
        {
          "name": "DSA-5096",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5096"
        },
        {
          "name": "[oss-security] 20220413 CVE-2022-0617: udf:A null-ptr-deref bug be triggered when write to an ICB inode",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/04/13/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2022-0617",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Linux kernel 5.17-rc2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-476"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fc3b7c2981bbd1047916ade327beccb90994eee",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fc3b7c2981bbd1047916ade327beccb90994eee"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea8569194b43f0f01f0a84c689388542c7254a1f",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea8569194b43f0f01f0a84c689388542c7254a1f"
            },
            {
              "name": "https://lore.kernel.org/lkml/20220114172329.ygzry5rlz64ua2nr@quack3.lan/T/",
              "refsource": "MISC",
              "url": "https://lore.kernel.org/lkml/20220114172329.ygzry5rlz64ua2nr@quack3.lan/T/"
            },
            {
              "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
            },
            {
              "name": "DSA-5095",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5095"
            },
            {
              "name": "DSA-5096",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5096"
            },
            {
              "name": "[oss-security] 20220413 CVE-2022-0617: udf:A null-ptr-deref bug be triggered when write to an ICB inode",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/04/13/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-0617",
    "datePublished": "2022-02-16T16:38:03.000Z",
    "dateReserved": "2022-02-15T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:32:46.477Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0854 (GCVE-0-2022-0854)

Vulnerability from cvelistv5 – Published: 2022-03-23 19:46 – Updated: 2024-08-02 23:40

Summary

A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.

Severity ?

No CVSS data available.

CWE

CWE-200

Assigner

redhat

References

4 references

URL	Tags
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
https://www.debian.org/security/2022/dsa-5161	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2022/dsa-5173	vendor-advisoryx_refsource_DEBIAN

Impacted products

1 product

Vendor	Product	Version
n/a	Kernel	Affected: Linux kernel 5.17-rc8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:40:04.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/dma/swiotlb.c?h=v5.17-rc8\u0026id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13"
          },
          {
            "name": "DSA-5161",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5161"
          },
          {
            "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
          },
          {
            "name": "DSA-5173",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5173"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux kernel 5.17-rc8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory leak flaw was found in the Linux kernel\u2019s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-04T10:11:26.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/dma/swiotlb.c?h=v5.17-rc8\u0026id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13"
        },
        {
          "name": "DSA-5161",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5161"
        },
        {
          "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
        },
        {
          "name": "DSA-5173",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2022-0854",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Linux kernel 5.17-rc8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A memory leak flaw was found in the Linux kernel\u2019s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/dma/swiotlb.c?h=v5.17-rc8\u0026id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/dma/swiotlb.c?h=v5.17-rc8\u0026id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13"
            },
            {
              "name": "DSA-5161",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5161"
            },
            {
              "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
            },
            {
              "name": "DSA-5173",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-0854",
    "datePublished": "2022-03-23T19:46:15.000Z",
    "dateReserved": "2022-03-04T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:40:04.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1016 (GCVE-0-2022-1016)

Vulnerability from cvelistv5 – Published: 2022-08-29 14:03 – Updated: 2024-08-02 23:47

Summary

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.

Severity ?

No CVSS data available.

CWE

CWE-824 - - Access of Uninitialized Pointer.

Assigner

redhat

References

4 references

URL	Tags
http://blog.dbouman.nl/2022/04/02/How-The-Tables-…	x_refsource_MISC
https://seclists.org/oss-sec/2022/q1/205	x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=2066614	x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2022-1016	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	Kernel	Affected: Affects v3.13-rc1 and later, Fixed in v5.18-rc1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:47:42.700Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/oss-sec/2022/q1/205"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066614"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2022-1016"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Affects v3.13-rc1 and later, Fixed in v5.18-rc1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle \u0027return\u0027 with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "CWE-824 - Access of Uninitialized Pointer.",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-29T14:03:06.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/oss-sec/2022/q1/205"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066614"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2022-1016"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-1016",
    "datePublished": "2022-08-29T14:03:06.000Z",
    "dateReserved": "2022-03-17T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:47:42.700Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1048 (GCVE-0-2022-1048)

Vulnerability from cvelistv5 – Published: 2022-04-29 15:34 – Updated: 2024-08-02 23:47

Summary

A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Severity ?

No CVSS data available.

CWE

CWE-416

Assigner

redhat

References

5 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=2066706	x_refsource_MISC
https://lore.kernel.org/lkml/20220322170720.3529-…	x_refsource_MISC
https://www.debian.org/security/2022/dsa-5127	vendor-advisoryx_refsource_DEBIAN
https://security.netapp.com/advisory/ntap-2022062…	x_refsource_CONFIRM
https://www.debian.org/security/2022/dsa-5173	vendor-advisoryx_refsource_DEBIAN

Impacted products

1 product

Vendor	Product	Version
n/a	kernel	Affected: Linux kernel 5.17-rc9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:47:43.301Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066706"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/lkml/20220322170720.3529-5-tiwai%40suse.de/T/#m1d3b791b815556012c6be92f1c4a7086b854f7f3"
          },
          {
            "name": "DSA-5127",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5127"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220629-0001/"
          },
          {
            "name": "DSA-5173",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5173"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux kernel 5.17-rc9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free flaw was found in the Linux kernel\u2019s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-04T10:06:10.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066706"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lore.kernel.org/lkml/20220322170720.3529-5-tiwai%40suse.de/T/#m1d3b791b815556012c6be92f1c4a7086b854f7f3"
        },
        {
          "name": "DSA-5127",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5127"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220629-0001/"
        },
        {
          "name": "DSA-5173",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2022-1048",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Linux kernel 5.17-rc9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use-after-free flaw was found in the Linux kernel\u2019s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2066706",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066706"
            },
            {
              "name": "https://lore.kernel.org/lkml/20220322170720.3529-5-tiwai@suse.de/T/#m1d3b791b815556012c6be92f1c4a7086b854f7f3",
              "refsource": "MISC",
              "url": "https://lore.kernel.org/lkml/20220322170720.3529-5-tiwai@suse.de/T/#m1d3b791b815556012c6be92f1c4a7086b854f7f3"
            },
            {
              "name": "DSA-5127",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5127"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220629-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220629-0001/"
            },
            {
              "name": "DSA-5173",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-1048",
    "datePublished": "2022-04-29T15:34:44.000Z",
    "dateReserved": "2022-03-22T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:47:43.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1055 (GCVE-0-2022-1055)

Vulnerability from cvelistv5 – Published: 2022-03-29 15:05 – Updated: 2024-08-02 23:47

Title

Use after Free in tc_new_tfilter allowing for privilege escalation in Linux Kernel

Summary

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5

Severity ?

8.6 (High)


                        
                          CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

CWE

CWE-416 - Use After Free

Assigner

Google

References

5 references

URL	Tags
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
https://syzkaller.appspot.com/bug?id=2212474c9589…	x_refsource_MISC
https://kernel.dance/#04c2a47ffb13c29778e2a14e414…	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2022050…	x_refsource_CONFIRM
http://packetstormsecurity.com/files/167386/Kerne…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Linux	Kernel	Affected: 0 , < v5.17-rc3 (custom) Unaffected: 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (git)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "5.17_rc3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-1055",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T17:47:41.220831Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T16:10:14.757Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:47:43.302Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://syzkaller.appspot.com/bug?id=2212474c958978ab86525fe6832ac8102c309ffc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kernel.dance/#04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220506-0007/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Kernel",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "v5.17-rc3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5",
              "versionType": "git"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5\u003c/p\u003e"
            }
          ],
          "value": "A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-21T04:00:52.197Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://syzkaller.appspot.com/bug?id=2212474c958978ab86525fe6832ac8102c309ffc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kernel.dance/#04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220506-0007/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Use after Free in tc_new_tfilter allowing for privilege escalation in Linux Kernel",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2022-1055",
          "STATE": "PUBLIC",
          "TITLE": "Use after Free in tc_new_tfilter allowing for privilege escalation in Linux Kernel"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e",
                            "version_value": "v5.1-rc1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Linux"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416 Use After Free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5"
            },
            {
              "name": "https://syzkaller.appspot.com/bug?id=2212474c958978ab86525fe6832ac8102c309ffc",
              "refsource": "MISC",
              "url": "https://syzkaller.appspot.com/bug?id=2212474c958978ab86525fe6832ac8102c309ffc"
            },
            {
              "name": "https://kernel.dance/#04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5",
              "refsource": "MISC",
              "url": "https://kernel.dance/#04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220506-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220506-0007/"
            },
            {
              "name": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2022-1055",
    "datePublished": "2022-03-29T15:05:13.000Z",
    "dateReserved": "2022-03-22T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:47:43.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

alsa-2022:7444

Vulnerability from osv_almalinux

CVE-2020-36516 (GCVE-0-2020-36516)

CVE-2020-36558 (GCVE-0-2020-36558)

CVE-2021-30002 (GCVE-0-2021-30002)

CVE-2021-3640 (GCVE-0-2021-3640)

CVE-2022-0168 (GCVE-0-2022-0168)

CVE-2022-0617 (GCVE-0-2022-0617)

CVE-2022-0854 (GCVE-0-2022-0854)

CVE-2022-1016 (GCVE-0-2022-1016)

CVE-2022-1048 (GCVE-0-2022-1048)

CVE-2022-1055 (GCVE-0-2022-1055)

Tags

Sightings

Nomenclature