certfr_avis - certfr-2022-avi-922

CERTFR-2022-AVI-922

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP 12-SP4
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE	N/A	SUSE Linux Enterprise High Availability 12-SP5
SUSE	N/A	SUSE OpenStack Cloud Crowbar 9
SUSE	SUSE Manager Retail Branch Server	SUSE Manager Retail Branch Server 4.3
SUSE	SUSE Linux Enterprise Live Patching	SUSE Linux Enterprise Live Patching 12-SP5
SUSE	openSUSE Leap	openSUSE Leap 15.4
SUSE	N/A	SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12-SP5
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE	N/A	SUSE Linux Enterprise Module for Public Cloud 15-SP4
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing 12-SP5
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE	SUSE Manager Proxy	SUSE Manager Proxy 4.3
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing 12-SP4
SUSE	N/A	SUSE OpenStack Cloud 9
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12-SP4
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 15-SP4
SUSE	N/A	SUSE Linux Enterprise High Availability 12-SP4
SUSE	SUSE Linux Enterprise Live Patching	SUSE Linux Enterprise Live Patching 12-SP4
SUSE	SUSE Manager Server	SUSE Manager Server 4.3
SUSE	SUSE Linux Enterprise Desktop	SUSE Linux Enterprise Desktop 12-SP5
SUSE	N/A	SUSE Linux Enterprise Workstation Extension 12-SP5

References

Title

Publication Time

Tags

Bulletin de sécurité SUSE SUSE-SU-2022:3585-1 du 14 octobre 2022	None	vendor-advisory
Bulletin de sécurité SUSE SUSE-SU-2022:3587-1 du 14 octobre 2022	None	vendor-advisory
Bulletin de sécurité SUSE SUSE-SU-2022:3586-1 du 14 octobre 2022	None	vendor-advisory
Bulletin de sécurité SUSE SUSE-SU-2022:3584-1 du 14 octobre 2022	None	vendor-advisory
Bulletin de sécurité SUSE du 14 octobre 2022	-	other
Bulletin de sécurité SUSE du 14 octobre 2022	-	other
Bulletin de sécurité SUSE du 14 octobre 2022	-	other
Bulletin de sécurité SUSE du 14 octobre 2022	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SUSE Linux Enterprise Server for SAP 12-SP4",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 12-SP4-LTSS",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Availability 12-SP5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE OpenStack Cloud Crowbar 9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Manager Retail Branch Server 4.3",
      "product": {
        "name": "SUSE Manager Retail Branch Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Live Patching 12-SP5",
      "product": {
        "name": "SUSE Linux Enterprise Live Patching",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "openSUSE Leap 15.4",
      "product": {
        "name": "openSUSE Leap",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Software Development Kit 12-SP5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 12-SP5",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server for SAP Applications 15-SP4",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Module for Public Cloud 15-SP4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Performance Computing 12-SP5",
      "product": {
        "name": "SUSE Linux Enterprise High Performance Computing",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Performance Computing 15-SP4",
      "product": {
        "name": "SUSE Linux Enterprise High Performance Computing",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server for SAP Applications 12-SP5",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Manager Proxy 4.3",
      "product": {
        "name": "SUSE Manager Proxy",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Performance Computing 12-SP4",
      "product": {
        "name": "SUSE Linux Enterprise High Performance Computing",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE OpenStack Cloud 9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 12-SP4",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 15-SP4",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Availability 12-SP4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Live Patching 12-SP4",
      "product": {
        "name": "SUSE Linux Enterprise Live Patching",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Manager Server 4.3",
      "product": {
        "name": "SUSE Manager Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Desktop 12-SP5",
      "product": {
        "name": "SUSE Linux Enterprise Desktop",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Workstation Extension 12-SP5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-39189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39189"
    },
    {
      "name": "CVE-2022-3239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3239"
    },
    {
      "name": "CVE-2022-41218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
    },
    {
      "name": "CVE-2022-41849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41849"
    },
    {
      "name": "CVE-2022-2663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2663"
    },
    {
      "name": "CVE-2022-2586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2586"
    },
    {
      "name": "CVE-2022-41848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41848"
    },
    {
      "name": "CVE-2022-39188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39188"
    },
    {
      "name": "CVE-2022-20008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20008"
    },
    {
      "name": "CVE-2022-3202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3202"
    },
    {
      "name": "CVE-2022-3303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3303"
    },
    {
      "name": "CVE-2022-2503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2503"
    },
    {
      "name": "CVE-2022-1263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1263"
    }
  ],
  "initial_release_date": "2022-10-17T00:00:00",
  "last_revision_date": "2022-10-17T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE du 14\u00a0octobre 2022",
      "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223585-1/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE du 14\u00a0octobre 2022",
      "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223586-1/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE du 14\u00a0octobre 2022",
      "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223587-1/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE du 14\u00a0octobre 2022",
      "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223584-1/"
    }
  ],
  "reference": "CERTFR-2022-AVI-922",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-10-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de SUSE\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:3585-1 du 14 octobre 2022",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:3587-1 du 14 octobre 2022",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:3586-1 du 14 octobre 2022",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2022:3584-1 du 14 octobre 2022",
      "url": null
    }
  ]
}

CVE-2022-3303 (GCVE-0-2022-3303)

Vulnerability from cvelistv5

Published

2022-09-27 00:00

Modified

2025-05-21 15:31

Severity ?

4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-667 - ->CWE-362->CWE-476

Summary

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition

References

URL

Tags

	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8423f0b6d513b259fdab9c9bf4aaa6188d054c2d
	https://lore.kernel.org/all/CAFcO6XN7JDM4xSXGhtusQfS2mSBcx50VJKwQpCq=WeLt57aaZA%40mail.gmail.com/
	https://www.debian.org/security/2022/dsa-5257	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	Linux kernel	Version: Fixed in kernel 6.0-rc5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:07:06.557Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8423f0b6d513b259fdab9c9bf4aaa6188d054c2d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/all/CAFcO6XN7JDM4xSXGhtusQfS2mSBcx50VJKwQpCq=WeLt57aaZA%40mail.gmail.com/"
          },
          {
            "name": "DSA-5257",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5257"
          },
          {
            "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 4.7,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-3303",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-21T15:31:25.170645Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-21T15:31:49.941Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in kernel 6.0-rc5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-667",
              "description": "CWE-667-\u003eCWE-362-\u003eCWE-476",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-01T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8423f0b6d513b259fdab9c9bf4aaa6188d054c2d"
        },
        {
          "url": "https://lore.kernel.org/all/CAFcO6XN7JDM4xSXGhtusQfS2mSBcx50VJKwQpCq=WeLt57aaZA%40mail.gmail.com/"
        },
        {
          "name": "DSA-5257",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5257"
        },
        {
          "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-3303",
    "datePublished": "2022-09-27T00:00:00.000Z",
    "dateReserved": "2022-09-26T00:00:00.000Z",
    "dateUpdated": "2025-05-21T15:31:49.941Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-41849 (GCVE-0-2022-41849)

Vulnerability from cvelistv5

Published

2022-09-30 00:00

Modified

2024-08-03 12:56

Severity ?

CWE

Summary

drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.

References

URL

Tags

	https://lore.kernel.org/all/20220925133243.GA383897%40ubuntu/T/
	https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html	mailing-list
	https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html	mailing-list
	https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5610bcfe8693c02e2e4c8b31427f1bdbdecc839c

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:56:38.191Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/all/20220925133243.GA383897%40ubuntu/T/"
          },
          {
            "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html"
          },
          {
            "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5610bcfe8693c02e2e4c8b31427f1bdbdecc839c"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-25T00:40:34.370971",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://lore.kernel.org/all/20220925133243.GA383897%40ubuntu/T/"
        },
        {
          "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html"
        },
        {
          "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html"
        },
        {
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5610bcfe8693c02e2e4c8b31427f1bdbdecc839c"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-41849",
    "datePublished": "2022-09-30T00:00:00",
    "dateReserved": "2022-09-30T00:00:00",
    "dateUpdated": "2024-08-03T12:56:38.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-20008 (GCVE-0-2022-20008)

Vulnerability from cvelistv5

Published

2022-05-10 19:56

Modified

2024-08-03 01:55

Severity ?

CWE

Information disclosure

Summary

In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel

References

URL

Tags

https://source.android.com/security/bulletin/2022-05-01

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Android	Version: Android kernel

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:55:46.136Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2022-05-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Android",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Android kernel"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-10T19:56:49",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://source.android.com/security/bulletin/2022-05-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2022-20008",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Android kernel"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-216481035References: Upstream kernel"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://source.android.com/security/bulletin/2022-05-01",
              "refsource": "MISC",
              "url": "https://source.android.com/security/bulletin/2022-05-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2022-20008",
    "datePublished": "2022-05-10T19:56:49",
    "dateReserved": "2021-10-06T00:00:00",
    "dateUpdated": "2024-08-03T01:55:46.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2663 (GCVE-0-2022-2663)

Vulnerability from cvelistv5

Published

2022-09-01 00:00

Modified

2024-08-03 00:46

Severity ?

CWE

CWE-923

Summary

An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.

References

URL

Tags

	https://www.openwall.com/lists/oss-security/2022/08/30/1
	https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl%40dgl.cx/T/
	https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html	mailing-list
	https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663
	https://www.youtube.com/watch?v=WIq-YgQuYCA
	https://www.debian.org/security/2022/dsa-5257	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	Linux kernel	Version: unknown

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:46:04.030Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2022/08/30/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl%40dgl.cx/T/"
          },
          {
            "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.youtube.com/watch?v=WIq-YgQuYCA"
          },
          {
            "name": "DSA-5257",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5257"
          },
          {
            "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "unknown"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-923",
              "description": "CWE-923",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-01T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.openwall.com/lists/oss-security/2022/08/30/1"
        },
        {
          "url": "https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl%40dgl.cx/T/"
        },
        {
          "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
        },
        {
          "url": "https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663"
        },
        {
          "url": "https://www.youtube.com/watch?v=WIq-YgQuYCA"
        },
        {
          "name": "DSA-5257",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5257"
        },
        {
          "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-2663",
    "datePublished": "2022-09-01T00:00:00",
    "dateReserved": "2022-08-04T00:00:00",
    "dateUpdated": "2024-08-03T00:46:04.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1263 (GCVE-0-2022-1263)

Vulnerability from cvelistv5

Published

2022-08-31 15:33

Modified

2024-08-02 23:55

Severity ?

CWE

CWE-476 - - NULL Pointer Dereference.

Summary

A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=2072698	x_refsource_MISC
	https://www.openwall.com/lists/oss-security/2022/04/07/1	x_refsource_MISC
	https://github.com/torvalds/linux/commit/5593473a1e6c743764b08e3b6071cb43b5cfa6c4	x_refsource_MISC
	https://access.redhat.com/security/cve/CVE-2022-1263	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Kernel:KVM	Version: Fixed in kernel v5.18-rc3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:55:24.614Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072698"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2022/04/07/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/5593473a1e6c743764b08e3b6071cb43b5cfa6c4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2022-1263"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel:KVM",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in kernel v5.18-rc3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 - NULL Pointer Dereference.",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-31T15:33:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072698"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2022/04/07/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/5593473a1e6c743764b08e3b6071cb43b5cfa6c4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2022-1263"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2022-1263",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Kernel:KVM",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in kernel v5.18-rc3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-476 - NULL Pointer Dereference."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2072698",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072698"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2022/04/07/1",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2022/04/07/1"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/5593473a1e6c743764b08e3b6071cb43b5cfa6c4",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/5593473a1e6c743764b08e3b6071cb43b5cfa6c4"
            },
            {
              "name": "https://access.redhat.com/security/cve/CVE-2022-1263",
              "refsource": "MISC",
              "url": "https://access.redhat.com/security/cve/CVE-2022-1263"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-1263",
    "datePublished": "2022-08-31T15:33:00",
    "dateReserved": "2022-04-06T00:00:00",
    "dateUpdated": "2024-08-02T23:55:24.614Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-41848 (GCVE-0-2022-41848)

Vulnerability from cvelistv5

Published

2022-09-30 05:15

Modified

2025-05-20 19:23

Severity ?

4.2 (Medium) - CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Summary

drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.

References

URL

Tags

	https://lore.kernel.org/lkml/20220919040251.GA302541%40ubuntu/T/#rc85e751f467b3e6f9ccef92cfa7fb8a6cc50c270	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/char/pcmcia/synclink_cs.c	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:56:38.241Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/lkml/20220919040251.GA302541%40ubuntu/T/#rc85e751f467b3e6f9ccef92cfa7fb8a6cc50c270"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/char/pcmcia/synclink_cs.c"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "PHYSICAL",
              "availabilityImpact": "HIGH",
              "baseScore": 4.2,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-41848",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-20T19:21:57.321162Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-362",
                "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-20T19:23:56.959Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-30T05:15:10.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lore.kernel.org/lkml/20220919040251.GA302541%40ubuntu/T/#rc85e751f467b3e6f9ccef92cfa7fb8a6cc50c270"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/char/pcmcia/synclink_cs.c"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-41848",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lore.kernel.org/lkml/20220919040251.GA302541@ubuntu/T/#rc85e751f467b3e6f9ccef92cfa7fb8a6cc50c270",
              "refsource": "MISC",
              "url": "https://lore.kernel.org/lkml/20220919040251.GA302541@ubuntu/T/#rc85e751f467b3e6f9ccef92cfa7fb8a6cc50c270"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/char/pcmcia/synclink_cs.c",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/char/pcmcia/synclink_cs.c"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-41848",
    "datePublished": "2022-09-30T05:15:10.000Z",
    "dateReserved": "2022-09-30T00:00:00.000Z",
    "dateUpdated": "2025-05-20T19:23:56.959Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-3239 (GCVE-0-2022-3239)

Vulnerability from cvelistv5

Published

2022-09-19 00:00

Modified

2024-08-03 01:00

Severity ?

CWE

CWE-416

Summary

A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

References

URL

Tags

	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c08eadca1bdfa099e20a32f8fa4b52b2f672236d
	https://security.netapp.com/advisory/ntap-20230214-0006/

Impacted products

	Vendor	Product	Version
	n/a	Kernel	Version: Linux kernel 5.18-rc1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:00:10.867Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c08eadca1bdfa099e20a32f8fa4b52b2f672236d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230214-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux kernel 5.18-rc1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-14T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c08eadca1bdfa099e20a32f8fa4b52b2f672236d"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230214-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-3239",
    "datePublished": "2022-09-19T00:00:00",
    "dateReserved": "2022-09-19T00:00:00",
    "dateUpdated": "2024-08-03T01:00:10.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-3202 (GCVE-0-2022-3202)

Vulnerability from cvelistv5

Published

2022-09-14 00:00

Modified

2024-08-03 01:00

Severity ?

CWE

CWE-476

Summary

A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information.

References

URL

Tags

	https://github.com/torvalds/linux/commit/a53046291020ec41e09181396c1e829287b48d47
	https://security.netapp.com/advisory/ntap-20221228-0007/

Impacted products

	Vendor	Product	Version
	n/a	Kernel	Version: Linux Kernel version prior to kernel 5.18 rc1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:00:10.590Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/a53046291020ec41e09181396c1e829287b48d47"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221228-0007/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux Kernel version prior to kernel 5.18 rc1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-28T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://github.com/torvalds/linux/commit/a53046291020ec41e09181396c1e829287b48d47"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221228-0007/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-3202",
    "datePublished": "2022-09-14T00:00:00",
    "dateReserved": "2022-09-13T00:00:00",
    "dateUpdated": "2024-08-03T01:00:10.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-39188 (GCVE-0-2022-39188)

Vulnerability from cvelistv5

Published

2022-09-02 00:00

Modified

2024-08-03 12:00

Severity ?

CWE

Summary

An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.

References

URL

Tags

	https://bugs.chromium.org/p/project-zero/issues/detail?id=2329
	https://lore.kernel.org/stable/CAG48ez3SEqOPcPCYGHVZv4iqEApujD5VtM3Re-tCKLDEFdEdbg%40mail.gmail.com/
	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19
	https://github.com/torvalds/linux/commit/b67fbebd4cf980aecbcc750e1462128bffe8ae15
	https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b67fbebd4cf980aecbcc750e1462128bffe8ae15
	https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html	mailing-list
	https://www.debian.org/security/2022/dsa-5257	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:00:42.380Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2329"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/stable/CAG48ez3SEqOPcPCYGHVZv4iqEApujD5VtM3Re-tCKLDEFdEdbg%40mail.gmail.com/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/b67fbebd4cf980aecbcc750e1462128bffe8ae15"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b67fbebd4cf980aecbcc750e1462128bffe8ae15"
          },
          {
            "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
          },
          {
            "name": "DSA-5257",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5257"
          },
          {
            "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-01T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2329"
        },
        {
          "url": "https://lore.kernel.org/stable/CAG48ez3SEqOPcPCYGHVZv4iqEApujD5VtM3Re-tCKLDEFdEdbg%40mail.gmail.com/"
        },
        {
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19"
        },
        {
          "url": "https://github.com/torvalds/linux/commit/b67fbebd4cf980aecbcc750e1462128bffe8ae15"
        },
        {
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b67fbebd4cf980aecbcc750e1462128bffe8ae15"
        },
        {
          "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
        },
        {
          "name": "DSA-5257",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5257"
        },
        {
          "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-39188",
    "datePublished": "2022-09-02T00:00:00",
    "dateReserved": "2022-09-02T00:00:00",
    "dateUpdated": "2024-08-03T12:00:42.380Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2586 (GCVE-0-2022-2586)

Vulnerability from cvelistv5

Published

2024-01-08 17:46

Modified

2025-07-30 01:37

Severity ?

5.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H

CWE

CWE-416

Summary

It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.

References

URL

Tags

	https://ubuntu.com/security/notices/USN-5564-1	third-party-advisory
	https://ubuntu.com/security/notices/USN-5560-2	third-party-advisory
	https://ubuntu.com/security/notices/USN-5582-1	third-party-advisory
	https://ubuntu.com/security/notices/USN-5567-1	third-party-advisory
	https://ubuntu.com/security/notices/USN-5560-1	third-party-advisory
	https://ubuntu.com/security/notices/USN-5566-1	third-party-advisory
	https://www.openwall.com/lists/oss-security/2022/08/09/5	issue-tracking
	https://ubuntu.com/security/notices/USN-5565-1	third-party-advisory
	https://www.zerodayinitiative.com/advisories/ZDI-22-1118/	issue-tracking
	https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t	issue-tracking
	https://ubuntu.com/security/notices/USN-5562-1	third-party-advisory
	https://ubuntu.com/security/notices/USN-5557-1	third-party-advisory
	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586	issue-tracking

Impacted products

	Vendor	Product	Version
	The Linux Kernel Organization	linux	Version: 0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "6.0-rc1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-2586",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T15:34:35.432398Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-06-26",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-2586"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:37:09.831Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2024-06-26T00:00:00+00:00",
            "value": "CVE-2022-2586 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-19T07:48:13.351Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-5564-1"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-5560-2"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-5582-1"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-5567-1"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-5560-1"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-5566-1"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2022/08/09/5"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-5565-1"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1118/"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-5562-1"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-5557-1"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/use-after-free-vulnerability-linked-chain-between-nft-tables-cve-2022-2586"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "packageName": "linux",
          "platforms": [
            "Linux"
          ],
          "product": "linux",
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git",
          "vendor": "The Linux Kernel Organization",
          "versions": [
            {
              "lessThan": "6.0~rc1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Team Orca of Sea Security (@seasecresponse) working with Trend Micro\u0027s Zero Day Initiative"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-08T17:46:06.110Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://ubuntu.com/security/notices/USN-5564-1"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://ubuntu.com/security/notices/USN-5560-2"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://ubuntu.com/security/notices/USN-5582-1"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://ubuntu.com/security/notices/USN-5567-1"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://ubuntu.com/security/notices/USN-5560-1"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://ubuntu.com/security/notices/USN-5566-1"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2022/08/09/5"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://ubuntu.com/security/notices/USN-5565-1"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1118/"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://ubuntu.com/security/notices/USN-5562-1"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://ubuntu.com/security/notices/USN-5557-1"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2022-2586",
    "datePublished": "2024-01-08T17:46:06.110Z",
    "dateReserved": "2022-07-29T22:01:19.576Z",
    "dateUpdated": "2025-07-30T01:37:09.831Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-41218 (GCVE-0-2022-41218)

Vulnerability from cvelistv5

Published

2022-09-21 00:00

Modified

2025-05-28 15:28

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

Summary

In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.

References

URL

Tags

	https://lore.kernel.org/all/20220908132754.30532-1-tiwai%40suse.de/
	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/media/dvb-core/dmxdev.c
	http://www.openwall.com/lists/oss-security/2022/09/23/4	mailing-list
	http://www.openwall.com/lists/oss-security/2022/09/24/2	mailing-list
	http://www.openwall.com/lists/oss-security/2022/09/24/1	mailing-list
	https://www.debian.org/security/2023/dsa-5324	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html	mailing-list
	https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html	mailing-list
	https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fd3d91ab1c6ab0628fe642dd570b56302c30a792

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:35:49.594Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/all/20220908132754.30532-1-tiwai%40suse.de/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/media/dvb-core/dmxdev.c"
          },
          {
            "name": "[oss-security] 20220923 CVE-2022-41218: Linux dvb-core: UAF in dvb-core/dmxdev",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/09/23/4"
          },
          {
            "name": "[oss-security] 20220923 Re: [Report v2] CVE-2022-41218: Linux dvb-core: UAF in dvb-core/dmxdev",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/09/24/2"
          },
          {
            "name": "[oss-security] 20220923 [Report v2] CVE-2022-41218: Linux dvb-core: UAF in dvb-core/dmxdev",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/09/24/1"
          },
          {
            "name": "DSA-5324",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5324"
          },
          {
            "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html"
          },
          {
            "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fd3d91ab1c6ab0628fe642dd570b56302c30a792"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-41218",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-28T15:28:21.548855Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-28T15:28:47.976Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-25T00:41:17.864Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://lore.kernel.org/all/20220908132754.30532-1-tiwai%40suse.de/"
        },
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/media/dvb-core/dmxdev.c"
        },
        {
          "name": "[oss-security] 20220923 CVE-2022-41218: Linux dvb-core: UAF in dvb-core/dmxdev",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/09/23/4"
        },
        {
          "name": "[oss-security] 20220923 Re: [Report v2] CVE-2022-41218: Linux dvb-core: UAF in dvb-core/dmxdev",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/09/24/2"
        },
        {
          "name": "[oss-security] 20220923 [Report v2] CVE-2022-41218: Linux dvb-core: UAF in dvb-core/dmxdev",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/09/24/1"
        },
        {
          "name": "DSA-5324",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5324"
        },
        {
          "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html"
        },
        {
          "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
        },
        {
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fd3d91ab1c6ab0628fe642dd570b56302c30a792"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-41218",
    "datePublished": "2022-09-21T00:00:00.000Z",
    "dateReserved": "2022-09-21T00:00:00.000Z",
    "dateUpdated": "2025-05-28T15:28:47.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-39189 (GCVE-0-2022-39189)

Vulnerability from cvelistv5

Published

2022-09-02 00:00

Modified

2025-05-05 16:13

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Summary

An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.

References

URL

Tags

	https://bugs.chromium.org/p/project-zero/issues/detail?id=2309
	https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.17
	https://github.com/torvalds/linux/commit/6cd88243c7e03845a450795e134b488fc2afb736
	https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6cd88243c7e03845a450795e134b488fc2afb736
	https://security.netapp.com/advisory/ntap-20230214-0007/
	https://www.debian.org/security/2023/dsa-5480	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:00:43.761Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2309"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.17"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/6cd88243c7e03845a450795e134b488fc2afb736"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6cd88243c7e03845a450795e134b488fc2afb736"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230214-0007/"
          },
          {
            "name": "DSA-5480",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5480"
          },
          {
            "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-39189",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:29:41.403864Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T16:13:17.022Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-19T23:06:35.534Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2309"
        },
        {
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.17"
        },
        {
          "url": "https://github.com/torvalds/linux/commit/6cd88243c7e03845a450795e134b488fc2afb736"
        },
        {
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6cd88243c7e03845a450795e134b488fc2afb736"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230214-0007/"
        },
        {
          "name": "DSA-5480",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5480"
        },
        {
          "name": "[debian-lts-announce] 20231019 [SECURITY] [DLA 3623-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-39189",
    "datePublished": "2022-09-02T00:00:00.000Z",
    "dateReserved": "2022-09-02T00:00:00.000Z",
    "dateUpdated": "2025-05-05T16:13:17.022Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2503 (GCVE-0-2022-2503)

Vulnerability from cvelistv5

Published

2022-08-12 00:00

Modified

2025-04-21 13:50

Severity ?

6.9 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-302 - Authentication Bypass by Assumed-Immutable Data

Summary

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5

References

URL

Tags

	https://github.com/google/security-research/security/advisories/GHSA-6vq3-w69p-w63m
	https://security.netapp.com/advisory/ntap-20230214-0005/

Impacted products

	Vendor	Product	Version
	Linux Kernel	Linux Kernel	Version: unspecified < 4caae58406f8ceb741603eee460d79bacca9b1b5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:39:07.939Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/google/security-research/security/advisories/GHSA-6vq3-w69p-w63m"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230214-0005/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-2503",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-21T13:39:52.291093Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-21T13:50:47.533Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux Kernel",
          "vendor": "Linux Kernel",
          "versions": [
            {
              "lessThan": "4caae58406f8ceb741603eee460d79bacca9b1b5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-302",
              "description": "CWE-302 Authentication Bypass by Assumed-Immutable Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-14T00:00:00.000Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://github.com/google/security-research/security/advisories/GHSA-6vq3-w69p-w63m"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230214-0005/"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Linux Kernel LoadPin bypass via dm-verity table reload",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2022-2503",
    "datePublished": "2022-08-12T00:00:00.000Z",
    "dateReserved": "2022-07-21T00:00:00.000Z",
    "dateUpdated": "2025-04-21T13:50:47.533Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTFR-2022-AVI-922

Vulnerability from certfr_avis

Solution

CVE-2022-3303 (GCVE-0-2022-3303)

Vulnerability from cvelistv5

CVE-2022-41849 (GCVE-0-2022-41849)

Vulnerability from cvelistv5

CVE-2022-20008 (GCVE-0-2022-20008)

Vulnerability from cvelistv5

CVE-2022-2663 (GCVE-0-2022-2663)

Vulnerability from cvelistv5

CVE-2022-1263 (GCVE-0-2022-1263)

Vulnerability from cvelistv5

CVE-2022-41848 (GCVE-0-2022-41848)

Vulnerability from cvelistv5

CVE-2022-3239 (GCVE-0-2022-3239)

Vulnerability from cvelistv5

CVE-2022-3202 (GCVE-0-2022-3202)

Vulnerability from cvelistv5

CVE-2022-39188 (GCVE-0-2022-39188)

Vulnerability from cvelistv5

CVE-2022-2586 (GCVE-0-2022-2586)

Vulnerability from cvelistv5

CVE-2022-41218 (GCVE-0-2022-41218)

Vulnerability from cvelistv5

CVE-2022-39189 (GCVE-0-2022-39189)

Vulnerability from cvelistv5

CVE-2022-2503 (GCVE-0-2022-2503)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature