Vulnerability-Lookup

alsa-2023:2148

Vulnerability from osv_almalinux

Published

2023-05-09 00:00

Modified

2023-05-11 14:31

Summary

Important: kernel-rt security and bug fix update

Details

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896)
net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)
hw: cpu: AMD CPUs may transiently execute beyond unconditional direct branch (CVE-2021-26341)
malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory (CVE-2021-33655)
possible race condition in drivers/tty/tty_buffers.c (CVE-2022-1462)
KVM: NULL pointer dereference in kvm_mmu_invpcid_gva (CVE-2022-1789)
use-after-free in free_pipe_info() could lead to privilege escalation (CVE-2022-1882)
KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks (CVE-2022-2196)
netfilter: nf_conntrack_irc message handling issue (CVE-2022-2663)
race condition in xfrm_probe_algs can lead to OOB read/write (CVE-2022-3028)
out-of-bounds read in fib_nh_match of the file net/ipv4/fib_semantics.c (CVE-2022-3435)
race condition in hugetlb_no_page() in mm/hugetlb.c (CVE-2022-3522)
memory leak in ipv6_renew_options() (CVE-2022-3524)
data races around icsk->icsk_af_ops in do_ipv6_setsockopt (CVE-2022-3566)
data races around sk->sk_prot (CVE-2022-3567)
memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c (CVE-2022-3619)
denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry (CVE-2022-3623)
use-after-free after failed devlink reload in devlink_param_get (CVE-2022-3625)
USB-accessible buffer overflow in brcmfmac (CVE-2022-3628)
use after free flaw in l2cap_conn_del in net/bluetooth/l2cap_core.c (CVE-2022-3640)
Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed (CVE-2022-3707)
mptcp: NULL pointer dereference in subflow traversal at disconnect time (CVE-2022-4128)
l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference (CVE-2022-4129)
igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets (CVE-2022-20141)
lockdown bypass using IMA (CVE-2022-21505)
double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (CVE-2022-28388)
network backend may cause Linux netfront to use freed SKBs (XSA-405) (CVE-2022-33743)
unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry (CVE-2022-39188)
TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning (CVE-2022-39189)
u8 overflow problem in cfg80211_update_notlisted_nontrans() (CVE-2022-41674)
use-after-free related to leaf anon_vma double reuse (CVE-2022-42703)
use-after-free in bss_ref_get in net/wireless/scan.c (CVE-2022-42720)
BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c (CVE-2022-42721)
Denial of service in beacon protection for P2P-device (CVE-2022-42722)
memory corruption in usbmon driver (CVE-2022-43750)
NULL pointer dereference in traffic control subsystem (CVE-2022-47929)
NULL pointer dereference in rawv6_push_pending_frames (CVE-2023-0394)
use-after-free due to race condition in qdisc_graft() (CVE-2023-0590)
use-after-free caused by invalid pointer hostname in fs/cifs/connect.c (CVE-2023-1195)
denial of service in tipc_conn_close (CVE-2023-1382)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2023:2148	ADVISORY
	https://access.redhat.com/security/cve/CVE-2021-26341	REPORT
	https://access.redhat.com/security/cve/CVE-2021-33655	REPORT
	https://access.redhat.com/security/cve/CVE-2022-1462	REPORT
	https://access.redhat.com/security/cve/CVE-2022-1789	REPORT
	https://access.redhat.com/security/cve/CVE-2022-1882	REPORT
	https://access.redhat.com/security/cve/CVE-2022-20141	REPORT
	https://access.redhat.com/security/cve/CVE-2022-21505	REPORT
	https://access.redhat.com/security/cve/CVE-2022-2196	REPORT
	https://access.redhat.com/security/cve/CVE-2022-2663	REPORT
	https://access.redhat.com/security/cve/CVE-2022-28388	REPORT
	https://access.redhat.com/security/cve/CVE-2022-3028	REPORT
	https://access.redhat.com/security/cve/CVE-2022-33743	REPORT
	https://access.redhat.com/security/cve/CVE-2022-3435	REPORT
	https://access.redhat.com/security/cve/CVE-2022-3522	REPORT
	https://access.redhat.com/security/cve/CVE-2022-3524	REPORT
	https://access.redhat.com/security/cve/CVE-2022-3566	REPORT
	https://access.redhat.com/security/cve/CVE-2022-3567	REPORT
	https://access.redhat.com/security/cve/CVE-2022-3619	REPORT
	https://access.redhat.com/security/cve/CVE-2022-3623	REPORT
	https://access.redhat.com/security/cve/CVE-2022-3625	REPORT
	https://access.redhat.com/security/cve/CVE-2022-3628	REPORT
	https://access.redhat.com/security/cve/CVE-2022-3640	REPORT
	https://access.redhat.com/security/cve/CVE-2022-3707	REPORT
	https://access.redhat.com/security/cve/CVE-2022-39188	REPORT
	https://access.redhat.com/security/cve/CVE-2022-39189	REPORT
	https://access.redhat.com/security/cve/CVE-2022-4128	REPORT
	https://access.redhat.com/security/cve/CVE-2022-4129	REPORT
	https://access.redhat.com/security/cve/CVE-2022-41674	REPORT
	https://access.redhat.com/security/cve/CVE-2022-42703	REPORT
	https://access.redhat.com/security/cve/CVE-2022-42720	REPORT
	https://access.redhat.com/security/cve/CVE-2022-42721	REPORT
	https://access.redhat.com/security/cve/CVE-2022-42722	REPORT
	https://access.redhat.com/security/cve/CVE-2022-42896	REPORT
	https://access.redhat.com/security/cve/CVE-2022-43750	REPORT
	https://access.redhat.com/security/cve/CVE-2022-47929	REPORT
	https://access.redhat.com/security/cve/CVE-2023-0394	REPORT
	https://access.redhat.com/security/cve/CVE-2023-0461	REPORT
	https://access.redhat.com/security/cve/CVE-2023-0590	REPORT
	https://access.redhat.com/security/cve/CVE-2023-1195	REPORT
	https://access.redhat.com/security/cve/CVE-2023-1382	REPORT
	https://bugzilla.redhat.com/2061703	REPORT
	https://bugzilla.redhat.com/2073091	REPORT
	https://bugzilla.redhat.com/2078466	REPORT
	https://bugzilla.redhat.com/2089701	REPORT
	https://bugzilla.redhat.com/2090723	REPORT
	https://bugzilla.redhat.com/2106830	REPORT
	https://bugzilla.redhat.com/2107924	REPORT
	https://bugzilla.redhat.com/2108691	REPORT
	https://bugzilla.redhat.com/2114937	REPORT
	https://bugzilla.redhat.com/2122228	REPORT
	https://bugzilla.redhat.com/2123056	REPORT
	https://bugzilla.redhat.com/2124788	REPORT
	https://bugzilla.redhat.com/2130141	REPORT
	https://bugzilla.redhat.com/2133483	REPORT
	https://bugzilla.redhat.com/2133490	REPORT
	https://bugzilla.redhat.com/2134377	REPORT
	https://bugzilla.redhat.com/2134380	REPORT
	https://bugzilla.redhat.com/2134451	REPORT
	https://bugzilla.redhat.com/2134506	REPORT
	https://bugzilla.redhat.com/2134517	REPORT
	https://bugzilla.redhat.com/2134528	REPORT
	https://bugzilla.redhat.com/2137979	REPORT
	https://bugzilla.redhat.com/2139610	REPORT
	https://bugzilla.redhat.com/2143893	REPORT
	https://bugzilla.redhat.com/2143943	REPORT
	https://bugzilla.redhat.com/2144720	REPORT
	https://bugzilla.redhat.com/2147364	REPORT
	https://bugzilla.redhat.com/2150947	REPORT
	https://bugzilla.redhat.com/2150960	REPORT
	https://bugzilla.redhat.com/2150979	REPORT
	https://bugzilla.redhat.com/2151270	REPORT
	https://bugzilla.redhat.com/2154171	REPORT
	https://bugzilla.redhat.com/2154235	REPORT
	https://bugzilla.redhat.com/2160023	REPORT
	https://bugzilla.redhat.com/2162120	REPORT
	https://bugzilla.redhat.com/2165721	REPORT
	https://bugzilla.redhat.com/2165741	REPORT
	https://bugzilla.redhat.com/2168246	REPORT
	https://bugzilla.redhat.com/2176192	REPORT
	https://bugzilla.redhat.com/2177371	REPORT
	https://errata.almalinux.org/9/ALSA-2023-2148.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-284.11.1.rt14.296.el9_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-284.11.1.rt14.296.el9_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-debug"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-284.11.1.rt14.296.el9_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-debug-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-284.11.1.rt14.296.el9_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-debug-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-284.11.1.rt14.296.el9_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-debug-kvm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-284.11.1.rt14.296.el9_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-debug-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-284.11.1.rt14.296.el9_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-debug-modules-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-284.11.1.rt14.296.el9_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-debug-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-284.11.1.rt14.296.el9_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-284.11.1.rt14.296.el9_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-kvm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-284.11.1.rt14.296.el9_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-284.11.1.rt14.296.el9_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-modules-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-284.11.1.rt14.296.el9_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-284.11.1.rt14.296.el9_2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896)\n* net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)\n* hw: cpu: AMD CPUs may transiently execute beyond unconditional direct branch (CVE-2021-26341)\n* malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory (CVE-2021-33655)\n* possible race condition in drivers/tty/tty_buffers.c (CVE-2022-1462)\n* KVM: NULL pointer dereference in kvm_mmu_invpcid_gva (CVE-2022-1789)\n* use-after-free in free_pipe_info() could lead to privilege escalation (CVE-2022-1882)\n* KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks (CVE-2022-2196)\n* netfilter: nf_conntrack_irc message handling issue (CVE-2022-2663)\n* race condition in xfrm_probe_algs can lead to OOB read/write (CVE-2022-3028)\n* out-of-bounds read in fib_nh_match of the file net/ipv4/fib_semantics.c (CVE-2022-3435)\n* race condition in hugetlb_no_page() in mm/hugetlb.c (CVE-2022-3522)\n* memory leak in ipv6_renew_options() (CVE-2022-3524)\n* data races around icsk-\u003eicsk_af_ops in do_ipv6_setsockopt (CVE-2022-3566)\n* data races around sk-\u003esk_prot (CVE-2022-3567)\n* memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c (CVE-2022-3619)\n* denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry (CVE-2022-3623)\n* use-after-free after failed devlink reload in devlink_param_get (CVE-2022-3625)\n* USB-accessible buffer overflow in brcmfmac (CVE-2022-3628)\n* use after free flaw in l2cap_conn_del in net/bluetooth/l2cap_core.c (CVE-2022-3640)\n* Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed (CVE-2022-3707)\n* mptcp: NULL pointer dereference in subflow traversal at disconnect time (CVE-2022-4128)\n* l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference (CVE-2022-4129)\n* igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets (CVE-2022-20141)\n* lockdown bypass using IMA (CVE-2022-21505)\n* double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (CVE-2022-28388)\n* network backend may cause Linux netfront to use freed SKBs (XSA-405) (CVE-2022-33743)\n* unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry (CVE-2022-39188)\n* TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning (CVE-2022-39189)\n* u8 overflow problem in cfg80211_update_notlisted_nontrans() (CVE-2022-41674)\n* use-after-free related to leaf anon_vma double reuse (CVE-2022-42703)\n* use-after-free in bss_ref_get in net/wireless/scan.c (CVE-2022-42720)\n* BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c (CVE-2022-42721)\n* Denial of service in beacon protection for P2P-device (CVE-2022-42722)\n* memory corruption in usbmon driver (CVE-2022-43750)\n* NULL pointer dereference in traffic control subsystem (CVE-2022-47929)\n* NULL pointer dereference in rawv6_push_pending_frames (CVE-2023-0394)\n* use-after-free due to race condition in qdisc_graft() (CVE-2023-0590)\n* use-after-free caused by invalid pointer hostname in fs/cifs/connect.c (CVE-2023-1195)\n* denial of service in tipc_conn_close (CVE-2023-1382)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2023:2148",
  "modified": "2023-05-11T14:31:35Z",
  "published": "2023-05-09T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:2148"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2021-26341"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2021-33655"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-1462"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-1789"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-1882"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-20141"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-21505"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-2196"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-2663"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-28388"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3028"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-33743"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3435"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3522"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3524"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3566"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3567"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3619"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3623"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3625"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3628"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3640"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3707"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-39188"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-39189"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-4128"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-4129"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-41674"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-42703"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-42720"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-42721"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-42722"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-42896"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-43750"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-47929"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-0394"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-0461"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-0590"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-1195"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-1382"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2061703"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2073091"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2078466"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2089701"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2090723"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2106830"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2107924"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2108691"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2114937"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2122228"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2123056"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2124788"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2130141"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2133483"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2133490"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2134377"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2134380"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2134451"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2134506"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2134517"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2134528"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2137979"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2139610"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2143893"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2143943"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2144720"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2147364"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2150947"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2150960"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2150979"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2151270"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2154171"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2154235"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2160023"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2162120"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2165721"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2165741"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2168246"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2176192"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2177371"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2023-2148.html"
    }
  ],
  "related": [
    "CVE-2022-42896",
    "CVE-2023-0461",
    "CVE-2021-26341",
    "CVE-2021-33655",
    "CVE-2022-1462",
    "CVE-2022-1789",
    "CVE-2022-1882",
    "CVE-2022-2196",
    "CVE-2022-2663",
    "CVE-2022-3028",
    "CVE-2022-3435",
    "CVE-2022-3522",
    "CVE-2022-3524",
    "CVE-2022-3566",
    "CVE-2022-3567",
    "CVE-2022-3619",
    "CVE-2022-3623",
    "CVE-2022-3625",
    "CVE-2022-3628",
    "CVE-2022-3640",
    "CVE-2022-3707",
    "CVE-2022-4128",
    "CVE-2022-4129",
    "CVE-2022-20141",
    "CVE-2022-21505",
    "CVE-2022-28388",
    "CVE-2022-33743",
    "CVE-2022-39188",
    "CVE-2022-39189",
    "CVE-2022-41674",
    "CVE-2022-42703",
    "CVE-2022-42720",
    "CVE-2022-42721",
    "CVE-2022-42722",
    "CVE-2022-43750",
    "CVE-2022-47929",
    "CVE-2023-0394",
    "CVE-2023-0590",
    "CVE-2023-1195",
    "CVE-2023-1382"
  ],
  "summary": "Important: kernel-rt security and bug fix update"
}

CVE-2021-26341 (GCVE-0-2021-26341)

Vulnerability from cvelistv5 – Published: 2022-03-11 17:54 – Updated: 2024-09-16 20:16

Summary

Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.

Severity ?

No CVSS data available.

CWE

Assigner

AMD

References

2 references

URL	Tags
https://www.amd.com/en/corporate/product-security…	x_refsource_MISC
http://www.openwall.com/lists/oss-security/2022/03/18/2	mailing-listx_refsource_MLIST

Impacted products

1 product

Vendor	Product	Version
AMD	AMD Processors	Unaffected: Processor Zen 3

Date Public ?

2022-03-08 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:24.678Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026"
          },
          {
            "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AMD Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Processor  Zen 3"
            }
          ]
        }
      ],
      "datePublic": "2022-03-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "NA",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-18T17:06:13.000Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026"
        },
        {
          "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@amd.com",
          "DATE_PUBLIC": "2022-03-08T20:00:00.000Z",
          "ID": "CVE-2021-26341",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "AMD Processors",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "!",
                            "version_name": "Processor",
                            "version_value": "Zen 3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "AMD"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "NA"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026",
              "refsource": "MISC",
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026"
            },
            {
              "name": "[oss-security] 20220318 Xen Security Advisory 398 v2 - Multiple speculative security issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/03/18/2"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26341",
    "datePublished": "2022-03-11T17:54:35.055Z",
    "dateReserved": "2021-01-29T00:00:00.000Z",
    "dateUpdated": "2024-09-16T20:16:42.726Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33655 (GCVE-0-2021-33655)

Vulnerability from cvelistv5 – Published: 2022-07-18 14:45 – Updated: 2024-08-03 23:58

Summary

When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.

Severity ?

No CVSS data available.

CWE

CWE-787 - Out-of-bounds Write

Assigner

openEuler

References

4 references

URL	Tags
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
http://www.openwall.com/lists/oss-security/2022/07/19/2	mailing-listx_refsource_MLIST
https://www.debian.org/security/2022/dsa-5191	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST

Impacted products

1 product

Vendor	Product	Version
n/a	kernel	Affected: 5.18 5.19.0-rc1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:58:22.899Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=086ff84617185393a0bbf25830c4f36412a7d3f4"
          },
          {
            "name": "[oss-security] 20220719 CVE-2021-33655: Linux kernel: When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.(5.18 5.19.0-rc1)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/07/19/2"
          },
          {
            "name": "DSA-5191",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5191"
          },
          {
            "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "5.18 5.19.0-rc1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-02T18:06:20.000Z",
        "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "shortName": "openEuler"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=086ff84617185393a0bbf25830c4f36412a7d3f4"
        },
        {
          "name": "[oss-security] 20220719 CVE-2021-33655: Linux kernel: When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.(5.18 5.19.0-rc1)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/07/19/2"
        },
        {
          "name": "DSA-5191",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5191"
        },
        {
          "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "securities@openeuler.org",
          "ID": "CVE-2021-33655",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.18 5.19.0-rc1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-787: Out-of-bounds Write"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=086ff84617185393a0bbf25830c4f36412a7d3f4",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=086ff84617185393a0bbf25830c4f36412a7d3f4"
            },
            {
              "name": "[oss-security] 20220719 CVE-2021-33655: Linux kernel: When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.(5.18 5.19.0-rc1)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/07/19/2"
            },
            {
              "name": "DSA-5191",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5191"
            },
            {
              "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
    "assignerShortName": "openEuler",
    "cveId": "CVE-2021-33655",
    "datePublished": "2022-07-18T14:45:50.000Z",
    "dateReserved": "2021-05-28T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:58:22.899Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1462 (GCVE-0-2022-1462)

Vulnerability from cvelistv5 – Published: 2022-05-31 00:00 – Updated: 2024-08-03 00:03

Summary

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.

Severity ?

No CVSS data available.

CWE

CWE-362

Assigner

redhat

References

3 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=2078466
https://lists.debian.org/debian-lts-announce/2022…	mailing-list
https://seclists.org/oss-sec/2022/q2/155

Impacted products

1 product

Vendor	Product	Version
n/a	kernel	Affected: no information yet

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:03:06.282Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078466"
          },
          {
            "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://seclists.org/oss-sec/2022/q2/155"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "no information yet"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An out-of-bounds read flaw was found in the Linux kernel\u2019s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-17T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078466"
        },
        {
          "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
        },
        {
          "url": "https://seclists.org/oss-sec/2022/q2/155"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-1462",
    "datePublished": "2022-05-31T00:00:00.000Z",
    "dateReserved": "2022-04-25T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:03:06.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1789 (GCVE-0-2022-1789)

Vulnerability from cvelistv5 – Published: 2022-05-31 18:48 – Updated: 2024-08-03 00:16

Summary

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.

Severity ?

No CVSS data available.

CWE

CWE-476

Assigner

redhat

References

7 references

URL	Tags
https://francozappa.github.io/about-bias/	x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1832397	x_refsource_MISC
https://kb.cert.org/vuls/id/647177/	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://www.debian.org/security/2022/dsa-5161	vendor-advisoryx_refsource_DEBIAN

Impacted products

1 product

Vendor	Product	Version
n/a	kernel	Affected: no patch information available yet

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:16:59.887Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://francozappa.github.io/about-bias/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1832397"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.cert.org/vuls/id/647177/"
          },
          {
            "name": "FEDORA-2022-ef8c8a5925",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBUOQTNTQ4ZCXHOCNKYIL2ZUIAZ675RD/"
          },
          {
            "name": "FEDORA-2022-be819b07a3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KCEAPIVPRTJHKPF2A2HVF5XHD5XJT3MN/"
          },
          {
            "name": "FEDORA-2022-3b86247c11",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6JP355XFVAB33X4BNO3ERVTURFYEDB7/"
          },
          {
            "name": "DSA-5161",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5161"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "no patch information available yet"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-13T10:06:14.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://francozappa.github.io/about-bias/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1832397"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.cert.org/vuls/id/647177/"
        },
        {
          "name": "FEDORA-2022-ef8c8a5925",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBUOQTNTQ4ZCXHOCNKYIL2ZUIAZ675RD/"
        },
        {
          "name": "FEDORA-2022-be819b07a3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KCEAPIVPRTJHKPF2A2HVF5XHD5XJT3MN/"
        },
        {
          "name": "FEDORA-2022-3b86247c11",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6JP355XFVAB33X4BNO3ERVTURFYEDB7/"
        },
        {
          "name": "DSA-5161",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5161"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2022-1789",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "no patch information available yet"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-476"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://francozappa.github.io/about-bias/",
              "refsource": "MISC",
              "url": "https://francozappa.github.io/about-bias/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1832397",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1832397"
            },
            {
              "name": "https://kb.cert.org/vuls/id/647177/",
              "refsource": "MISC",
              "url": "https://kb.cert.org/vuls/id/647177/"
            },
            {
              "name": "FEDORA-2022-ef8c8a5925",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBUOQTNTQ4ZCXHOCNKYIL2ZUIAZ675RD/"
            },
            {
              "name": "FEDORA-2022-be819b07a3",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KCEAPIVPRTJHKPF2A2HVF5XHD5XJT3MN/"
            },
            {
              "name": "FEDORA-2022-3b86247c11",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H6JP355XFVAB33X4BNO3ERVTURFYEDB7/"
            },
            {
              "name": "DSA-5161",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5161"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-1789",
    "datePublished": "2022-05-31T18:48:00.000Z",
    "dateReserved": "2022-05-18T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:16:59.887Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1882 (GCVE-0-2022-1882)

Vulnerability from cvelistv5 – Published: 2022-05-26 00:00 – Updated: 2024-08-03 00:17

Summary

A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Severity ?

No CVSS data available.

CWE

CWE-416

Assigner

redhat

References

3 references

URL	Tags
https://lore.kernel.org/lkml/20220507115605.96775…
https://bugzilla.redhat.com/show_bug.cgi?id=2089701
https://security.netapp.com/advisory/ntap-2022071…

Impacted products

1 product

Vendor	Product	Version
n/a	kernel	Affected: Linux kernel 5.18-rc8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:17:00.907Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/lkml/20220507115605.96775-1-tcs.kernel%40gmail.com/T/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089701"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220715-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux kernel 5.18-rc8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free flaw was found in the Linux kernel\u2019s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://lore.kernel.org/lkml/20220507115605.96775-1-tcs.kernel%40gmail.com/T/"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089701"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220715-0002/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-1882",
    "datePublished": "2022-05-26T00:00:00.000Z",
    "dateReserved": "2022-05-25T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:17:00.907Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-20141 (GCVE-0-2022-20141)

Vulnerability from cvelistv5 – Published: 2022-06-15 13:02 – Updated: 2024-08-03 02:02

Summary

In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel

Severity ?

No CVSS data available.

CWE

Elevation of privilege

Assigner

google_android

References

1 reference

URL	Tags
https://source.android.com/security/bulletin/2022-06-01	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	Android	Affected: Android kernel

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:02:30.853Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2022-06-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Android",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Android kernel"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-15T13:02:23.000Z",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://source.android.com/security/bulletin/2022-06-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2022-20141",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Android kernel"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://source.android.com/security/bulletin/2022-06-01",
              "refsource": "MISC",
              "url": "https://source.android.com/security/bulletin/2022-06-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2022-20141",
    "datePublished": "2022-06-15T13:02:23.000Z",
    "dateReserved": "2021-10-14T00:00:00.000Z",
    "dateUpdated": "2024-08-03T02:02:30.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-21505 (GCVE-0-2022-21505)

Vulnerability from cvelistv5 – Published: 2024-12-24 18:48 – Updated: 2024-12-27 16:52

Summary

In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Severity ?

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Assigner

oracle

References

2 references

URL	Tags
https://git.kernel.org/linus/543ce63b664e2c2f9533…	issue-tracking
https://linux.oracle.com/cve/CVE-2022-21505.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	Oracle Linux	Affected: Oracle Linux: 7 Affected: Oracle Linux: 8 Affected: Oracle Linux: 9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-21505",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-27T16:51:57.672286Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-346",
                "description": "CWE-346 Origin Validation Error",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-27T16:52:05.331Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Linux",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Linux: 7"
            },
            {
              "status": "affected",
              "version": "Oracle Linux: 8"
            },
            {
              "status": "affected",
              "version": "Oracle Linux: 9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the linux kernel, if IMA appraisal is used with the \"ima_appraise=log\" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting \"ima_appraise=log\" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "In the linux kernel, if IMA appraisal is used with the \"ima_appraise=log\" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting \"ima_appraise=log\" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-24T18:48:23.588Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Github commit",
          "tags": [
            "issue-tracking"
          ],
          "url": "https://git.kernel.org/linus/543ce63b664e2c2f9533d089a4664b559c3e6b5b"
        },
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://linux.oracle.com/cve/CVE-2022-21505.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21505",
    "datePublished": "2024-12-24T18:48:23.588Z",
    "dateReserved": "2021-11-15T19:29:08.891Z",
    "dateUpdated": "2024-12-27T16:52:05.331Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2196 (GCVE-0-2022-2196)

Vulnerability from cvelistv5 – Published: 2023-01-09 10:59 – Updated: 2025-02-13 16:28

Title

Speculative execution attacks in KVM VMX

Summary

A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a

Severity ?

5.8 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

CWE

CWE-1188 - Insecure Default Initialization of Resource

Assigner

Google

References

3 references

URL	Tags
https://kernel.dance/#2e7eab81425a
https://git.kernel.org/pub/scm/linux/kernel/git/t…
https://lists.debian.org/debian-lts-announce/2023…

Impacted products

1 product

Vendor	Product	Version
Linux	Linux Kernel	Affected: 0 , < 2e7eab81425a (git) Affected: 0 , < 6.2 (custom)

Date Public ?

2022-10-18 22:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:32:08.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20230223-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kernel.dance/#2e7eab81425a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2e7eab81425ad6c875f2ed47c0ce01e78afc38a5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-2196",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-01T15:07:47.721131Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T15:08:01.626Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "KVM",
          "product": "Linux Kernel",
          "repo": "https://git.kernel.org/",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2e7eab81425a",
              "status": "affected",
              "version": "0",
              "versionType": "git"
            },
            {
              "lessThan": "6.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-10-18T22:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eL2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn\u0027t need retpolines or IBPB\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eafter running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit\u0026nbsp;2e7eab81425a\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\u00a0L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn\u0027t need retpolines or IBPB\u00a0after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit\u00a02e7eab81425a"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-30",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-30 Hijacking a Privileged Thread of Execution"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1188",
              "description": "CWE-1188 Insecure Default Initialization of Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-03T00:06:59.149Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://kernel.dance/#2e7eab81425a"
        },
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2e7eab81425ad6c875f2ed47c0ce01e78afc38a5"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Speculative execution attacks in KVM VMX",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2022-2196",
    "datePublished": "2023-01-09T10:59:53.099Z",
    "dateReserved": "2022-06-24T13:29:09.969Z",
    "dateUpdated": "2025-02-13T16:28:57.097Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2663 (GCVE-0-2022-2663)

Vulnerability from cvelistv5 – Published: 2022-09-01 00:00 – Updated: 2024-08-03 00:46

Summary

An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.

Severity ?

No CVSS data available.

CWE

CWE-923

Assigner

redhat

References

7 references

URL	Tags
https://www.openwall.com/lists/oss-security/2022/…
https://lore.kernel.org/netfilter-devel/202208260…
https://lists.debian.org/debian-lts-announce/2022…	mailing-list
https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663
https://www.youtube.com/watch?v=WIq-YgQuYCA
https://www.debian.org/security/2022/dsa-5257	vendor-advisory
https://lists.debian.org/debian-lts-announce/2022…	mailing-list

Impacted products

1 product

Vendor	Product	Version
n/a	Linux kernel	Affected: unknown

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:46:04.030Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2022/08/30/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl%40dgl.cx/T/"
          },
          {
            "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.youtube.com/watch?v=WIq-YgQuYCA"
          },
          {
            "name": "DSA-5257",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5257"
          },
          {
            "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "unknown"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-923",
              "description": "CWE-923",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-01T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.openwall.com/lists/oss-security/2022/08/30/1"
        },
        {
          "url": "https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl%40dgl.cx/T/"
        },
        {
          "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
        },
        {
          "url": "https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663"
        },
        {
          "url": "https://www.youtube.com/watch?v=WIq-YgQuYCA"
        },
        {
          "name": "DSA-5257",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5257"
        },
        {
          "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-2663",
    "datePublished": "2022-09-01T00:00:00.000Z",
    "dateReserved": "2022-08-04T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:46:04.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-28388 (GCVE-0-2022-28388)

Vulnerability from cvelistv5 – Published: 2022-04-03 20:07 – Updated: 2025-05-05 16:21

Summary

usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

Assigner

mitre

References

7 references

URL	Tags
https://github.com/torvalds/linux/commit/3d3925ff…	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://www.debian.org/security/2022/dsa-5127	vendor-advisoryx_refsource_DEBIAN
https://security.netapp.com/advisory/ntap-2022051…	x_refsource_CONFIRM
https://www.debian.org/security/2022/dsa-5173	vendor-advisoryx_refsource_DEBIAN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:56:14.998Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/3d3925ff6433f98992685a9679613a2cc97f3ce2"
          },
          {
            "name": "FEDORA-2022-af492757d9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/"
          },
          {
            "name": "FEDORA-2022-5cd9d787dc",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/"
          },
          {
            "name": "FEDORA-2022-91633399ff",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/"
          },
          {
            "name": "DSA-5127",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5127"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220513-0001/"
          },
          {
            "name": "DSA-5173",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5173"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-28388",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:21:03.014768Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-415",
                "description": "CWE-415 Double Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T16:21:52.141Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-04T10:10:18.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/3d3925ff6433f98992685a9679613a2cc97f3ce2"
        },
        {
          "name": "FEDORA-2022-af492757d9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/"
        },
        {
          "name": "FEDORA-2022-5cd9d787dc",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/"
        },
        {
          "name": "FEDORA-2022-91633399ff",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/"
        },
        {
          "name": "DSA-5127",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5127"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220513-0001/"
        },
        {
          "name": "DSA-5173",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-28388",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/3d3925ff6433f98992685a9679613a2cc97f3ce2",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/3d3925ff6433f98992685a9679613a2cc97f3ce2"
            },
            {
              "name": "FEDORA-2022-af492757d9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/"
            },
            {
              "name": "FEDORA-2022-5cd9d787dc",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/"
            },
            {
              "name": "FEDORA-2022-91633399ff",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/"
            },
            {
              "name": "DSA-5127",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5127"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220513-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220513-0001/"
            },
            {
              "name": "DSA-5173",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-28388",
    "datePublished": "2022-04-03T20:07:39.000Z",
    "dateReserved": "2022-04-03T00:00:00.000Z",
    "dateUpdated": "2025-05-05T16:21:52.141Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

alsa-2023:2148

Vulnerability from osv_almalinux

CVE-2021-26341 (GCVE-0-2021-26341)

CVE-2021-33655 (GCVE-0-2021-33655)

CVE-2022-1462 (GCVE-0-2022-1462)

CVE-2022-1789 (GCVE-0-2022-1789)

CVE-2022-1882 (GCVE-0-2022-1882)

CVE-2022-20141 (GCVE-0-2022-20141)

CVE-2022-21505 (GCVE-0-2022-21505)

CVE-2022-2196 (GCVE-0-2022-2196)

CVE-2022-2663 (GCVE-0-2022-2663)

CVE-2022-28388 (GCVE-0-2022-28388)

Tags

Sightings

Nomenclature