Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2023-AVI-0167
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance, une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
Title | Publication Time | Tags | ||||||
---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Ubuntu 16.04 ESM", "product": { "name": "Ubuntu", "vendor": { "name": "Ubuntu", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2023-0461", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0461" }, { "name": "CVE-2022-3628", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3628" }, { "name": "CVE-2022-29900", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29900" }, { "name": "CVE-2022-29901", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29901" }, { "name": "CVE-2022-42895", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42895" }, { "name": "CVE-2022-43750", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43750" }, { "name": "CVE-2022-41858", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41858" }, { "name": "CVE-2022-39842", "url": "https://www.cve.org/CVERecord?id=CVE-2022-39842" }, { "name": "CVE-2022-41849", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41849" }, { "name": "CVE-2022-2663", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2663" }, { "name": "CVE-2022-3649", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3649" }, { "name": "CVE-2022-3545", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3545" }, { "name": "CVE-2023-23559", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23559" }, { "name": "CVE-2022-41850", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41850" }, { "name": "CVE-2022-3646", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3646" }, { "name": "CVE-2022-42328", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42328" }, { "name": "CVE-2022-3640", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3640" }, { "name": "CVE-2022-4378", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4378" }, { "name": "CVE-2021-4155", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4155" }, { "name": "CVE-2022-26373", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26373" }, { "name": "CVE-2023-0045", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0045" }, { "name": "CVE-2022-20369", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20369" }, { "name": "CVE-2022-20566", "url": "https://www.cve.org/CVERecord?id=CVE-2022-20566" }, { "name": "CVE-2022-3521", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3521" } ], "initial_release_date": "2023-02-24T00:00:00", "last_revision_date": "2023-02-24T00:00:00", "links": [], "reference": "CERTFR-2023-AVI-0167", "revisions": [ { "description": "Version initiale", "revision_date": "2023-02-24T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la\npolitique de s\u00e9curit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5884-1 du 23 f\u00e9vrier 2023", "url": "https://ubuntu.com/security/notices/USN-5884-1" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5883-1 du 22 f\u00e9vrier 2023", "url": "https://ubuntu.com/security/notices/USN-5883-1" } ] }
CVE-2021-4155 (GCVE-0-2021-4155)
Vulnerability from cvelistv5
Published
2022-08-24 15:10
Modified
2024-08-03 17:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-131 - - Incorrect Calculation of Buffer Size
Summary
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.
References
URL | Tags | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:04.255Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/01/10/1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034813" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2021-4155" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2021-4155" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in Kernel v5.16" } ] } ], "descriptions": [ { "lang": "en", "value": "A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-131", "description": "CWE-131 - Incorrect Calculation of Buffer Size", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-24T15:10:19", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2022/01/10/1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034813" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/CVE-2021-4155" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2021-4155" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-4155", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "kernel", "version": { "version_data": [ { "version_value": "Fixed in Kernel v5.16" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-131 - Incorrect Calculation of Buffer Size" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.openwall.com/lists/oss-security/2022/01/10/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2022/01/10/1" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2034813", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034813" }, { "name": "https://access.redhat.com/security/cve/CVE-2021-4155", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/CVE-2021-4155" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2021-4155", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2021-4155" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-4155", "datePublished": "2022-08-24T15:10:19", "dateReserved": "2021-12-22T00:00:00", "dateUpdated": "2024-08-03T17:16:04.255Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-20369 (GCVE-0-2022-20369)
Vulnerability from cvelistv5
Published
2022-08-11 00:00
Modified
2024-08-03 02:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:10:44.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-08-01" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-24T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-08-01" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20369", "datePublished": "2022-08-11T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:10:44.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-26373 (GCVE-0-2022-26373)
Vulnerability from cvelistv5
Published
2022-08-18 00:00
Modified
2025-05-05 16:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- information disclosure
Summary
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Intel(R) Processors |
Version: See references |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:03:32.895Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html" }, { "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221007-0005/" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-26373", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-23T13:20:22.737694Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-05T16:22:27.550Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Intel(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access." } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-07T00:00:00.000Z", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html" }, { "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "url": "https://security.netapp.com/advisory/ntap-20221007-0005/" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-26373", "datePublished": "2022-08-18T00:00:00.000Z", "dateReserved": "2022-05-11T00:00:00.000Z", "dateUpdated": "2025-05-05T16:22:27.550Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-29900 (GCVE-0-2022-29900)
Vulnerability from cvelistv5
Published
2022-07-12 15:50
Modified
2024-11-20 16:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- NA
Summary
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
AMD | AMD Processors |
Version: Processor Some AMD Processors |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:33:43.145Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037" }, { "name": "FEDORA-2022-a0d7a5eaf2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/" }, { "name": "DSA-5207", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5207" }, { "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html" }, { "tags": [ "x_transferred" ], "url": "https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/" }, { "name": "GLSA-202402-07", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-07" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-29900", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T16:09:18.710200Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-20T16:13:31.449Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "AMD Processors", "vendor": "AMD", "versions": [ { "status": "affected", "version": "Processor Some AMD Processors" } ] } ], "datePublic": "2022-07-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions." } ], "problemTypes": [ { "descriptions": [ { "description": "NA", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-04T08:06:53.374904", "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "shortName": "AMD" }, "references": [ { "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037" }, { "name": "FEDORA-2022-a0d7a5eaf2", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/" }, { "name": "DSA-5207", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5207" }, { "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html" }, { "url": "https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/" }, { "name": "GLSA-202402-07", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202402-07" } ], "source": { "discovery": "EXTERNAL" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648", "assignerShortName": "AMD", "cveId": "CVE-2022-29900", "datePublished": "2022-07-12T15:50:10.585306Z", "dateReserved": "2022-04-28T00:00:00", "dateUpdated": "2024-11-20T16:13:31.449Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41850 (GCVE-0-2022-41850)
Vulnerability from cvelistv5
Published
2022-09-30 00:00
Modified
2024-08-03 12:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.
References
URL | Tags | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.133Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/20220904193115.GA28134%40ubuntu/t/#u" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cacdb14b1c8d3804a3a7d31773bc7569837b71a4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report-\u003evalue is in progress." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T00:40:37.282942", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://lore.kernel.org/all/20220904193115.GA28134%40ubuntu/t/#u" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cacdb14b1c8d3804a3a7d31773bc7569837b71a4" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-41850", "datePublished": "2022-09-30T00:00:00", "dateReserved": "2022-09-30T00:00:00", "dateUpdated": "2024-08-03T12:56:38.133Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-3649 (GCVE-0-2022-3649)
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 01:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Memory Corruption -> CWE-416 Use After Free
Summary
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.
References
URL | Tags | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:03.289Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d325dc6eb763c10f591c239550b8c7e5466a5d09" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.211992" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230214-0009/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Memory Corruption -\u003e CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T00:00:00", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d325dc6eb763c10f591c239550b8c7e5466a5d09" }, { "url": "https://vuldb.com/?id.211992" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230214-0009/" } ], "title": "Linux Kernel BPF inode.c nilfs_new_inode use after free", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3649", "datePublished": "2022-10-21T00:00:00", "dateReserved": "2022-10-21T00:00:00", "dateUpdated": "2024-08-03T01:14:03.289Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-29901 (GCVE-0-2022-29901)
Vulnerability from cvelistv5
Published
2022-07-12 00:00
Modified
2024-08-03 06:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
References
URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Intel | Intel Microprocessors |
Version: generations 6 to 8 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:33:43.000Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://comsec.ethz.ch/retbleed" }, { "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html" }, { "name": "[oss-security] 20220712 Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/12/2" }, { "name": "[oss-security] 20220712 Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/12/4" }, { "name": "[oss-security] 20220712 Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/12/5" }, { "name": "[oss-security] 20220713 Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/13/1" }, { "name": "FEDORA-2022-c69ef9c1dd", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/" }, { "name": "FEDORA-2022-8aab5b5cde", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/" }, { "name": "DSA-5207", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5207" }, { "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221007-0007/" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" }, { "tags": [ "x_transferred" ], "url": "https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/" }, { "name": "GLSA-202402-07", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-07" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel Microprocessors", "vendor": "Intel", "versions": [ { "status": "affected", "version": "generations 6 to 8" } ] } ], "credits": [ { "lang": "en", "value": "Johannes Wikner - ETH Z\u00fcrich" }, { "lang": "en", "value": "Kaveh Razavi - ETH Z\u00fcrich" } ], "descriptions": [ { "lang": "en", "value": "Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Information Exposure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-04T08:06:41.365488", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "url": "https://comsec.ethz.ch/retbleed" }, { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html" }, { "name": "[oss-security] 20220712 Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/12/2" }, { "name": "[oss-security] 20220712 Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/12/4" }, { "name": "[oss-security] 20220712 Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/12/5" }, { "name": "[oss-security] 20220713 Re: Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed - arbitrary speculative code execution with return instructions", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/13/1" }, { "name": "FEDORA-2022-c69ef9c1dd", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M27MB3QFNIJV4EQQSXWARHP3OGX6CR6K/" }, { "name": "FEDORA-2022-8aab5b5cde", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4RW5FCIYFNCQOEFJEUIRW3DGYW7CWBG/" }, { "name": "DSA-5207", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5207" }, { "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html" }, { "url": "https://security.netapp.com/advisory/ntap-20221007-0007/" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" }, { "url": "https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/" }, { "name": "GLSA-202402-07", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202402-07" } ], "source": { "discovery": "EXTERNAL" }, "title": "Arbitrary Memory Disclosure through CPU Side-Channel Attacks (Retbleed)", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-29901", "datePublished": "2022-07-12T00:00:00", "dateReserved": "2022-04-28T00:00:00", "dateUpdated": "2024-08-03T06:33:43.000Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-42895 (GCVE-0-2022-42895)
Vulnerability from cvelistv5
Published
2022-11-23 14:11
Modified
2025-04-21 13:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-824 - Access of Uninitialized Pointer
Summary
There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely.
We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Linux | Linux Kernel |
Version: 3.0.0 < |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:19:05.390Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/#b1a2cd50c0357f243b7435a732b4e62ba3157a2e" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-42895", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-21T13:36:47.348915Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-21T13:46:05.829Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "b1a2cd50c0357f243b7435a732b4e62ba3157a2e", "status": "affected", "version": "3.0.0", "versionType": "custom" } ] } ], "datePublic": "2022-11-02T23:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is an infoleak vulnerability in the Linux kernel\u0027s net/bluetooth/l2cap_core.c\u0027s l2cap_parse_conf_req function which can be used to leak kernel pointers remotely.\u003c/span\u003e\u003cbr\u003eWe recommend upgrading past commit\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.google.com/url?q=https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\u0026amp;sa=D\u0026amp;source=buganizer\u0026amp;usg=AOvVaw1MgsfyPTiSrqqs3LAs-ZRS\"\u003ehttps://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e" } ], "value": "There is an infoleak vulnerability in the Linux kernel\u0027s net/bluetooth/l2cap_core.c\u0027s l2cap_parse_conf_req function which can be used to leak kernel pointers remotely.\nWe recommend upgrading past commit\u00a0 https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url \n\n" } ], "impacts": [ { "capecId": "CAPEC-410", "descriptions": [ { "lang": "en", "value": "CAPEC-410 Information Elicitation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-824", "description": "CWE-824 Access of Uninitialized Pointer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-23T14:14:27.857Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e" }, { "url": "https://kernel.dance/#b1a2cd50c0357f243b7435a732b4e62ba3157a2e" } ], "source": { "discovery": "EXTERNAL" }, "title": "Info Leak in l2cap_core in the Linux Kernel", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2022-42895", "datePublished": "2022-11-23T14:11:33.340Z", "dateReserved": "2022-10-12T18:30:19.769Z", "dateUpdated": "2025-04-21T13:46:05.829Z", "requesterUserId": "ed9b5bb2-2df1-4aa3-9791-5fb260d88e62", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-2663 (GCVE-0-2022-2663)
Vulnerability from cvelistv5
Published
2022-09-01 00:00
Modified
2024-08-03 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.
References
URL | Tags | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Linux kernel |
Version: unknown |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:46:04.030Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/08/30/1" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl%40dgl.cx/T/" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "tags": [ "x_transferred" ], "url": "https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663" }, { "tags": [ "x_transferred" ], "url": "https://www.youtube.com/watch?v=WIq-YgQuYCA" }, { "name": "DSA-5257", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "unknown" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-923", "description": "CWE-923", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://www.openwall.com/lists/oss-security/2022/08/30/1" }, { "url": "https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl%40dgl.cx/T/" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "url": "https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663" }, { "url": "https://www.youtube.com/watch?v=WIq-YgQuYCA" }, { "name": "DSA-5257", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-2663", "datePublished": "2022-09-01T00:00:00", "dateReserved": "2022-08-04T00:00:00", "dateUpdated": "2024-08-03T00:46:04.030Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-39842 (GCVE-0-2022-39842)
Vulnerability from cvelistv5
Published
2022-09-05 00:00
Modified
2024-08-03 12:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. NOTE: the original discoverer disputes that the overflow can actually happen.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:07:42.999Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "name": "DSA-5257", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/YylaC1wHHyLw22D3%40kadam/T/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. NOTE: the original discoverer disputes that the overflow can actually happen." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-19T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19" }, { "url": "https://github.com/torvalds/linux/commit/a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "name": "DSA-5257", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "url": "https://lore.kernel.org/all/YylaC1wHHyLw22D3%40kadam/T/" } ], "tags": [ "disputed" ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-39842", "datePublished": "2022-09-05T00:00:00", "dateReserved": "2022-09-05T00:00:00", "dateUpdated": "2024-08-03T12:07:42.999Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-42328 (GCVE-0-2022-42328)
Vulnerability from cvelistv5
Published
2022-12-07 00:00
Modified
2025-04-23 14:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- unknown
Summary
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:03:45.967Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://xenbits.xenproject.org/xsa/advisory-424.txt" }, { "name": "[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/08/3" }, { "name": "[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/08/2" }, { "name": "[oss-security] 20221209 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/09/2" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-42328", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-23T14:25:41.282586Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-667", "description": "CWE-667 Improper Locking", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-23T14:26:39.413Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Linux", "vendor": "Linux", "versions": [ { "status": "unknown", "version": "consult Xen advisory XSA-424" } ] } ], "descriptions": [ { "lang": "en", "value": "Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329)." } ], "metrics": [ { "other": { "content": { "description": { "description_data": [ { "lang": "eng", "value": "A malicious guest could cause Denial of Service (DoS) of the host via\nthe paravirtualized network interface." } ] } }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "unknown", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-24T00:00:00.000Z", "orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN" }, "references": [ { "url": "https://xenbits.xenproject.org/xsa/advisory-424.txt" }, { "name": "[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/08/3" }, { "name": "[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/08/2" }, { "name": "[oss-security] 20221209 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/09/2" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ] } }, "cveMetadata": { "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "assignerShortName": "XEN", "cveId": "CVE-2022-42328", "datePublished": "2022-12-07T00:00:00.000Z", "dateReserved": "2022-10-03T00:00:00.000Z", "dateUpdated": "2025-04-23T14:26:39.413Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-0461 (GCVE-0-2023-0461)
Vulnerability from cvelistv5
Published
2023-02-28 14:23
Modified
2025-02-13 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege.
There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock.
When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.
The setsockopt TCP_ULP operation does not require any privilege.
We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c
References
URL | Tags | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Linux | Linux Kernel |
Version: 0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:56.165Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20230331-0006/" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/#2c02d41d71f90a5168391b6a5f2954112ba2307c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2c02d41d71f90a5168391b6a5f2954112ba2307c" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0461", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-01T15:55:09.289052Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T15:55:22.180Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "2c02d41d71f90a5168391b6a5f2954112ba2307c", "status": "affected", "version": "0", "versionType": "git" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "slipper" } ], "datePublic": "2023-01-02T23:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThere is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag \u003ccode\u003eCONFIG_TLS\u003c/code\u003e\u0026nbsp;or \u003ccode\u003eCONFIG_XFRM_ESPINTCP\u003c/code\u003e\u0026nbsp;has to be configured, but the operation does not require any privilege.\u003c/p\u003e\u003cp\u003eThere is a use-after-free bug of \u003ccode\u003eicsk_ulp_data\u003c/code\u003e\u0026nbsp;of a \u003ccode\u003estruct inet_connection_sock\u003c/code\u003e.\u003c/p\u003e\u003cp\u003eWhen \u003ccode\u003eCONFIG_TLS\u003c/code\u003e\u0026nbsp;is enabled, user can install a tls context (\u003ccode\u003estruct tls_context\u003c/code\u003e) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.\u003c/p\u003e\u003cp\u003eThe \u003ccode\u003esetsockopt\u003c/code\u003e\u0026nbsp;\u003ccode\u003eTCP_ULP\u003c/code\u003e\u0026nbsp;operation does not require any privilege.\u003c/p\u003eWe recommend upgrading past commit\u0026nbsp;2c02d41d71f90a5168391b6a5f2954112ba2307c" } ], "value": "There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS\u00a0or CONFIG_XFRM_ESPINTCP\u00a0has to be configured, but the operation does not require any privilege.\n\nThere is a use-after-free bug of icsk_ulp_data\u00a0of a struct inet_connection_sock.\n\nWhen CONFIG_TLS\u00a0is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.\n\nThe setsockopt\u00a0TCP_ULP\u00a0operation does not require any privilege.\n\nWe recommend upgrading past commit\u00a02c02d41d71f90a5168391b6a5f2954112ba2307c" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T13:06:48.668Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://kernel.dance/#2c02d41d71f90a5168391b6a5f2954112ba2307c" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2c02d41d71f90a5168391b6a5f2954112ba2307c" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free vulnerability in the Linux Kernel", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-0461", "datePublished": "2023-02-28T14:23:02.224Z", "dateReserved": "2023-01-24T09:47:24.966Z", "dateUpdated": "2025-02-13T16:38:58.993Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-4378 (GCVE-0-2022-4378)
Vulnerability from cvelistv5
Published
2023-01-05 00:00
Modified
2025-04-10 14:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-131 - ->CWE-120
Summary
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
References
URL | Tags | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:41:44.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152548" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-avoid-integer-type-confusion-in-get_proc_long.patch" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch" }, { "tags": [ "x_transferred" ], "url": "https://seclists.org/oss-sec/2022/q4/178" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-4378", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-10T14:19:16.617191Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-10T14:19:42.254Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "kernel 6.0.12" } ] } ], "descriptions": [ { "lang": "en", "value": "A stack overflow flaw was found in the Linux kernel\u0027s SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-131", "description": "CWE-131-\u003eCWE-120", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-08T00:00:00.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152548" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-avoid-integer-type-confusion-in-get_proc_long.patch" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch" }, { "url": "https://seclists.org/oss-sec/2022/q4/178" }, { "url": "http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-4378", "datePublished": "2023-01-05T00:00:00.000Z", "dateReserved": "2022-12-09T00:00:00.000Z", "dateUpdated": "2025-04-10T14:19:42.254Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-3646 (GCVE-0-2022-3646)
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2025-04-15 13:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-404 - Denial of Service -> CWE-401 Memory Leak
Summary
A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.
References
URL | Tags | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:03.291Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d0d51a97063db4704a5ef6bc978dddab1636a306" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.211961" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-3646", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-14T17:07:39.915979Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-15T13:24:51.206Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-404", "description": "CWE-404 Denial of Service -\u003e CWE-401 Memory Leak", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-24T00:00:00.000Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d0d51a97063db4704a5ef6bc978dddab1636a306" }, { "url": "https://vuldb.com/?id.211961" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "Linux Kernel BPF segment.c nilfs_attach_log_writer memory leak", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3646", "datePublished": "2022-10-21T00:00:00.000Z", "dateReserved": "2022-10-21T00:00:00.000Z", "dateUpdated": "2025-04-15T13:24:51.206Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-3521 (GCVE-0-2022-3521)
Vulnerability from cvelistv5
Published
2022-10-16 00:00
Modified
2025-04-15 13:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-362 - Race Condition
Summary
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability.
References
URL | Tags | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:02.040Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec7eede369fe5b0d085ac51fdbb95184f87bfc6c" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.211018" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-3521", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-14T17:09:28.288661Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-15T13:44:23.128Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362 Race Condition", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-24T00:00:00.000Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec7eede369fe5b0d085ac51fdbb95184f87bfc6c" }, { "url": "https://vuldb.com/?id.211018" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "Linux Kernel kcm kcmsock.c kcm_tx_work race condition", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3521", "datePublished": "2022-10-16T00:00:00.000Z", "dateReserved": "2022-10-16T00:00:00.000Z", "dateUpdated": "2025-04-15T13:44:23.128Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-3545 (GCVE-0-2022-3545)
Vulnerability from cvelistv5
Published
2022-10-17 00:00
Modified
2025-04-15 13:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Memory Corruption -> CWE-416 Use After Free
Summary
A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:01.597Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.211045" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221223-0003/" }, { "name": "DSA-5324", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5324" }, { "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-3545", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-14T17:08:55.254158Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-15T13:43:19.382Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Memory Corruption -\u003e CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00.000Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a" }, { "url": "https://vuldb.com/?id.211045" }, { "url": "https://security.netapp.com/advisory/ntap-20221223-0003/" }, { "name": "DSA-5324", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5324" }, { "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "Linux Kernel IPsec nfp_cppcore.c area_cache_get use after free", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3545", "datePublished": "2022-10-17T00:00:00.000Z", "dateReserved": "2022-10-17T00:00:00.000Z", "dateUpdated": "2025-04-15T13:43:19.382Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41858 (GCVE-0-2022-41858)
Vulnerability from cvelistv5
Published
2023-01-17 00:00
Modified
2025-04-07 16:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Linux kernel |
Version: unknown |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.264Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/ec4eb8a86ade4d22633e1da2a7d85a846b7d1798" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230223-0006/" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-41858", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-07T16:46:04.627051Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-07T16:46:38.678Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Linux kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "unknown" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-23T00:00:00.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/ec4eb8a86ade4d22633e1da2a7d85a846b7d1798" }, { "url": "https://security.netapp.com/advisory/ntap-20230223-0006/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-41858", "datePublished": "2023-01-17T00:00:00.000Z", "dateReserved": "2022-09-30T00:00:00.000Z", "dateUpdated": "2025-04-07T16:46:38.678Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-41849 (GCVE-0-2022-41849)
Vulnerability from cvelistv5
Published
2022-09-30 00:00
Modified
2024-08-03 12:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.
References
URL | Tags | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.191Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/20220925133243.GA383897%40ubuntu/T/" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5610bcfe8693c02e2e4c8b31427f1bdbdecc839c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T00:40:34.370971", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://lore.kernel.org/all/20220925133243.GA383897%40ubuntu/T/" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5610bcfe8693c02e2e4c8b31427f1bdbdecc839c" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-41849", "datePublished": "2022-09-30T00:00:00", "dateReserved": "2022-09-30T00:00:00", "dateUpdated": "2024-08-03T12:56:38.191Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-3640 (GCVE-0-2022-3640)
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 01:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Memory Corruption -> CWE-416 Use After Free
Summary
A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944.
References
URL | Tags | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:03.216Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=42cf46dea905a80f6de218e837ba4d4cc33d6979" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.211944" }, { "name": "FEDORA-2022-64ab9153c0", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD7VWUT7YAU4CJ247IF44NGVOAODAJGC/" }, { "name": "FEDORA-2022-65a0a3504a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGOIRR72OAFE53XZRUDZDP7INGLIC3E3/" }, { "name": "FEDORA-2022-7aadaadebc", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG2UPX3MQ7RKRJEUMGEH2TLPKZJCBU5C/" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Memory Corruption -\u003e CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-24T00:00:00", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=42cf46dea905a80f6de218e837ba4d4cc33d6979" }, { "url": "https://vuldb.com/?id.211944" }, { "name": "FEDORA-2022-64ab9153c0", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD7VWUT7YAU4CJ247IF44NGVOAODAJGC/" }, { "name": "FEDORA-2022-65a0a3504a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DGOIRR72OAFE53XZRUDZDP7INGLIC3E3/" }, { "name": "FEDORA-2022-7aadaadebc", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG2UPX3MQ7RKRJEUMGEH2TLPKZJCBU5C/" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "Linux Kernel Bluetooth l2cap_core.c l2cap_conn_del use after free", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3640", "datePublished": "2022-10-21T00:00:00", "dateReserved": "2022-10-21T00:00:00", "dateUpdated": "2024-08-03T01:14:03.216Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-43750 (GCVE-0-2022-43750)
Vulnerability from cvelistv5
Published
2022-10-26 00:00
Modified
2025-05-07 13:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.
References
URL | Tags | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:40:06.468Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/a659daf63d16aa883be42f3f34ff84235c302198" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a659daf63d16aa883be42f3f34ff84235c302198" }, { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.15" }, { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.1" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-43750", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-05-07T13:40:16.318732Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-07T13:40:53.245Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor\u0027s internal memory." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-24T00:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/a659daf63d16aa883be42f3f34ff84235c302198" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a659daf63d16aa883be42f3f34ff84235c302198" }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.15" }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.1" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-43750", "datePublished": "2022-10-26T00:00:00.000Z", "dateReserved": "2022-10-26T00:00:00.000Z", "dateUpdated": "2025-05-07T13:40:53.245Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-23559 (GCVE-0-2023-23559)
Vulnerability from cvelistv5
Published
2023-01-13 00:00
Modified
2025-05-05 16:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.
References
URL | Tags | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:33.175Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich%40gmail.com/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230302-0003/" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b870e73a56c4cccbec33224233eaf295839f228c" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-23559", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-23T13:29:21.290984Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-05T16:05:27.474Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T00:41:20.856Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich%40gmail.com/" }, { "url": "https://security.netapp.com/advisory/ntap-20230302-0003/" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b870e73a56c4cccbec33224233eaf295839f228c" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-23559", "datePublished": "2023-01-13T00:00:00.000Z", "dateReserved": "2023-01-13T00:00:00.000Z", "dateUpdated": "2025-05-05T16:05:27.474Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-3628 (GCVE-0-2022-3628)
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2025-04-08 14:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:02.991Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.c?id=6788ba8aed4e28e90f72d68a9d794e34eac17295" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-3628", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-08T14:15:33.236322Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-08T14:16:10.907Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel 6.1-rc5" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-12T00:00:00.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.c?id=6788ba8aed4e28e90f72d68a9d794e34eac17295" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-3628", "datePublished": "2023-01-12T00:00:00.000Z", "dateReserved": "2022-10-21T00:00:00.000Z", "dateUpdated": "2025-04-08T14:16:10.907Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-0045 (GCVE-0-2023-0045)
Vulnerability from cvelistv5
Published
2023-04-25 22:44
Modified
2025-02-13 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Summary
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.
We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96
References
URL | Tags | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Linux | Linux Kernel |
Version: 9137bb27e60e |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T04:54:32.575Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/tip/a664ec9158eeddd75121d39c9a0758016097fa96" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230714-0001/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0045", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-03T17:52:12.098510Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-03T17:52:16.463Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "a664ec9158eeddd75121d39c9a0758016097fa96", "status": "affected", "version": "9137bb27e60e", "versionType": "git" } ] } ], "datePublic": "2023-01-02T23:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set \u0026nbsp;function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. \u0026nbsp;The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003eWe recommend upgrading past commit\u0026nbsp;a664ec9158eeddd75121d39c9a0758016097fa96\u003cbr\u003e\u003cbr\u003e" } ], "value": "The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set \u00a0function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. \u00a0The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.\n\nWe recommend upgrading past commit\u00a0a664ec9158eeddd75121d39c9a0758016097fa96" } ], "impacts": [ { "capecId": "CAPEC-131", "descriptions": [ { "lang": "en", "value": "CAPEC-131 Resource Leak Exposure" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-610", "description": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-23T01:41:15.247Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://git.kernel.org/tip/a664ec9158eeddd75121d39c9a0758016097fa96" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230714-0001/" }, { "url": "https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8" } ], "source": { "discovery": "EXTERNAL" }, "title": "Incorrect indirect branch prediction barrier in the Linux Kernel", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-0045", "datePublished": "2023-04-25T22:44:57.262Z", "dateReserved": "2023-01-04T10:07:20.469Z", "dateUpdated": "2025-02-13T16:38:41.984Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-20566 (GCVE-0-2022-20566)
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2025-04-21 13:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.898Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-20566", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-21T13:04:29.660645Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-667", "description": "CWE-667 Improper Locking", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-21T13:05:26.287Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00.000Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20566", "datePublished": "2022-12-16T00:00:00.000Z", "dateReserved": "2021-10-14T00:00:00.000Z", "dateUpdated": "2025-04-21T13:05:26.287Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…