Vulnerability-Lookup

alsa-2022:7933

Vulnerability from osv_almalinux

Published

2022-11-15 00:00

Modified

2022-11-18 08:38

Summary

Moderate: kernel-rt security and bug fix update

Details

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)
use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)
smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)
NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)
swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)
uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)
race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)
use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)
concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources (CVE-2022-1280)
kernel info leak issue in pfkey_register (CVE-2022-1353)
use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679)
NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)
fanotify misuses fd_install() which could lead to use-after-free (CVE-2022-1998)
nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)
openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)
slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)
incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)
incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)
incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)
possible to use the debugger to write zero into a location of choice (CVE-2022-21499)
AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)
AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)
Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)
double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)
use after free in SUNRPC subsystem (CVE-2022-28893)
use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)
Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)
DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)
nf_tables disallow binding to already bound chain (CVE-2022-39190)
nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2022:7933	ADVISORY
	https://access.redhat.com/security/cve/CVE-2020-36516	REPORT
	https://access.redhat.com/security/cve/CVE-2021-3640	REPORT
	https://access.redhat.com/security/cve/CVE-2022-0168	REPORT
	https://access.redhat.com/security/cve/CVE-2022-0617	REPORT
	https://access.redhat.com/security/cve/CVE-2022-0854	REPORT
	https://access.redhat.com/security/cve/CVE-2022-1016	REPORT
	https://access.redhat.com/security/cve/CVE-2022-1048	REPORT
	https://access.redhat.com/security/cve/CVE-2022-1184	REPORT
	https://access.redhat.com/security/cve/CVE-2022-1280	REPORT
	https://access.redhat.com/security/cve/CVE-2022-1353	REPORT
	https://access.redhat.com/security/cve/CVE-2022-1679	REPORT
	https://access.redhat.com/security/cve/CVE-2022-1852	REPORT
	https://access.redhat.com/security/cve/CVE-2022-1998	REPORT
	https://access.redhat.com/security/cve/CVE-2022-20368	REPORT
	https://access.redhat.com/security/cve/CVE-2022-21123	REPORT
	https://access.redhat.com/security/cve/CVE-2022-21125	REPORT
	https://access.redhat.com/security/cve/CVE-2022-21166	REPORT
	https://access.redhat.com/security/cve/CVE-2022-21499	REPORT
	https://access.redhat.com/security/cve/CVE-2022-23816	REPORT
	https://access.redhat.com/security/cve/CVE-2022-23825	REPORT
	https://access.redhat.com/security/cve/CVE-2022-24448	REPORT
	https://access.redhat.com/security/cve/CVE-2022-2586	REPORT
	https://access.redhat.com/security/cve/CVE-2022-26373	REPORT
	https://access.redhat.com/security/cve/CVE-2022-2639	REPORT
	https://access.redhat.com/security/cve/CVE-2022-28390	REPORT
	https://access.redhat.com/security/cve/CVE-2022-28893	REPORT
	https://access.redhat.com/security/cve/CVE-2022-29581	REPORT
	https://access.redhat.com/security/cve/CVE-2022-29900	REPORT
	https://access.redhat.com/security/cve/CVE-2022-29901	REPORT
	https://access.redhat.com/security/cve/CVE-2022-36946	REPORT
	https://access.redhat.com/security/cve/CVE-2022-39190	REPORT
	https://bugzilla.redhat.com/1980646	REPORT
	https://bugzilla.redhat.com/2037386	REPORT
	https://bugzilla.redhat.com/2051444	REPORT
	https://bugzilla.redhat.com/2052312	REPORT
	https://bugzilla.redhat.com/2053632	REPORT
	https://bugzilla.redhat.com/2058395	REPORT
	https://bugzilla.redhat.com/2059928	REPORT
	https://bugzilla.redhat.com/2066614	REPORT
	https://bugzilla.redhat.com/2066706	REPORT
	https://bugzilla.redhat.com/2066819	REPORT
	https://bugzilla.redhat.com/2070205	REPORT
	https://bugzilla.redhat.com/2071022	REPORT
	https://bugzilla.redhat.com/2073064	REPORT
	https://bugzilla.redhat.com/2074208	REPORT
	https://bugzilla.redhat.com/2084125	REPORT
	https://bugzilla.redhat.com/2084183	REPORT
	https://bugzilla.redhat.com/2084479	REPORT
	https://bugzilla.redhat.com/2088021	REPORT
	https://bugzilla.redhat.com/2089815	REPORT
	https://bugzilla.redhat.com/2090226	REPORT
	https://bugzilla.redhat.com/2090237	REPORT
	https://bugzilla.redhat.com/2090240	REPORT
	https://bugzilla.redhat.com/2090241	REPORT
	https://bugzilla.redhat.com/2103148	REPORT
	https://bugzilla.redhat.com/2103153	REPORT
	https://bugzilla.redhat.com/2114878	REPORT
	https://bugzilla.redhat.com/2115065	REPORT
	https://bugzilla.redhat.com/2115278	REPORT
	https://bugzilla.redhat.com/2123695	REPORT
	https://bugzilla.redhat.com/2129152	REPORT
	https://errata.almalinux.org/9/ALSA-2022-7933.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-162.6.1.rt21.168.el9_1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-162.6.1.rt21.168.el9_1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-debug"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-162.6.1.rt21.168.el9_1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-debug-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-162.6.1.rt21.168.el9_1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-debug-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-162.6.1.rt21.168.el9_1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-debug-kvm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-162.6.1.rt21.168.el9_1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-debug-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-162.6.1.rt21.168.el9_1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-debug-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-162.6.1.rt21.168.el9_1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-162.6.1.rt21.168.el9_1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-kvm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-162.6.1.rt21.168.el9_1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-162.6.1.rt21.168.el9_1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "kernel-rt-modules-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.14.0-162.6.1.rt21.168.el9_1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* off-path attacker may inject data or terminate victim\u0027s TCP session (CVE-2020-36516)\n* use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n* smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n* NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n* swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n* uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n* race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n* use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n* concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources (CVE-2022-1280)\n* kernel info leak issue in pfkey_register (CVE-2022-1353)\n* use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679)\n* NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n* fanotify misuses fd_install() which could lead to use-after-free (CVE-2022-1998)\n* nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n* openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n* slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n* incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n* incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n* incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)\n* possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n* AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)\n* AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n* Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n* double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n* use after free in SUNRPC subsystem (CVE-2022-28893)\n* use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n* Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n* DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n* nf_tables disallow binding to already bound chain (CVE-2022-39190)\n* nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2022:7933",
  "modified": "2022-11-18T08:38:28Z",
  "published": "2022-11-15T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2022:7933"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2020-36516"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2021-3640"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-0168"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-0617"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-0854"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-1016"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-1048"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-1184"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-1280"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-1353"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-1679"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-1852"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-1998"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-20368"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-21123"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-21125"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-21166"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-21499"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-23816"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-23825"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-24448"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-2586"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-26373"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-2639"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-28390"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-28893"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-29581"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-29900"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-29901"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-36946"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-39190"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/1980646"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2037386"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2051444"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2052312"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2053632"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2058395"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2059928"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2066614"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2066706"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2066819"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2070205"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2071022"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2073064"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2074208"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2084125"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2084183"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2084479"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2088021"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2089815"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2090226"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2090237"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2090240"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2090241"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2103148"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2103153"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2114878"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2115065"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2115278"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2123695"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2129152"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2022-7933.html"
    }
  ],
  "related": [
    "CVE-2020-36516",
    "CVE-2021-3640",
    "CVE-2022-0168",
    "CVE-2022-0617",
    "CVE-2022-0854",
    "CVE-2022-1016",
    "CVE-2022-1048",
    "CVE-2022-1184",
    "CVE-2022-1280",
    "CVE-2022-1353",
    "CVE-2022-1679",
    "CVE-2022-1852",
    "CVE-2022-1998",
    "CVE-2022-2586",
    "CVE-2022-2639",
    "CVE-2022-20368",
    "CVE-2022-21123",
    "CVE-2022-21125",
    "CVE-2022-21166",
    "CVE-2022-21499",
    "CVE-2022-23816",
    "CVE-2022-29900",
    "CVE-2022-23825",
    "CVE-2022-26373",
    "CVE-2022-28390",
    "CVE-2022-28893",
    "CVE-2022-29581",
    "CVE-2022-29901",
    "CVE-2022-36946",
    "CVE-2022-39190",
    "CVE-2022-24448"
  ],
  "summary": "Moderate: kernel-rt security and bug fix update"
}

CVE-2020-36516 (GCVE-0-2020-36516)

Vulnerability from cvelistv5 – Published: 2022-02-26 03:14 – Updated: 2024-08-04 17:30

Summary

An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

2 references

URL	Tags
https://dl.acm.org/doi/10.1145/3372297.3417884	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2022033…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:30:08.304Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://dl.acm.org/doi/10.1145/3372297.3417884"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220331-0003/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim\u0027s TCP session or terminate that session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-31T08:06:10.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://dl.acm.org/doi/10.1145/3372297.3417884"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220331-0003/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-36516",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim\u0027s TCP session or terminate that session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://dl.acm.org/doi/10.1145/3372297.3417884",
              "refsource": "MISC",
              "url": "https://dl.acm.org/doi/10.1145/3372297.3417884"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220331-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220331-0003/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36516",
    "datePublished": "2022-02-26T03:14:46.000Z",
    "dateReserved": "2022-02-26T00:00:00.000Z",
    "dateUpdated": "2024-08-04T17:30:08.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3640 (GCVE-0-2021-3640)

Vulnerability from cvelistv5 – Published: 2022-03-03 22:04 – Updated: 2024-08-03 17:01

Summary

A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.

Severity

No CVSS data available.

CWE

CWE-362 - - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), CWE-416 - Use After Free.

Assigner

redhat

References

9 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=1980646	x_refsource_MISC
https://ubuntu.com/security/CVE-2021-3640	x_refsource_MISC
https://www.openwall.com/lists/oss-security/2021/…	x_refsource_MISC
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
https://github.com/torvalds/linux/commit/99c23da0…	x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2022/dsa-5096	vendor-advisoryx_refsource_DEBIAN
https://security.netapp.com/advisory/ntap-2022041…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
n/a	kernel	Affected: Affects kernel v5.15.3 and prior, Fixed in v5.16-rc1 and above.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:07.744Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980646"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/CVE-2021-3640"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2021/07/22/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/bluetooth/sco.c?h=v5.16\u0026id=99c23da0eed4fd20cae8243f2b51e10e66aa0951"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/99c23da0eed4fd20cae8243f2b51e10e66aa0951"
          },
          {
            "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
          },
          {
            "name": "DSA-5096",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5096"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220419-0003/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Affects kernel v5.15.3 and prior, Fixed in v5.16-rc1 and above."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027), CWE-416 - Use After Free.",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T18:06:25.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980646"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ubuntu.com/security/CVE-2021-3640"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2021/07/22/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/bluetooth/sco.c?h=v5.16\u0026id=99c23da0eed4fd20cae8243f2b51e10e66aa0951"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/99c23da0eed4fd20cae8243f2b51e10e66aa0951"
        },
        {
          "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
        },
        {
          "name": "DSA-5096",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5096"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220419-0003/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3640",
    "datePublished": "2022-03-03T22:04:15.000Z",
    "dateReserved": "2021-07-09T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:01:07.744Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0168 (GCVE-0-2022-0168)

Vulnerability from cvelistv5 – Published: 2022-08-26 17:25 – Updated: 2024-08-02 23:18

Summary

A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.

Severity

No CVSS data available.

CWE

CWE-476 - - NULL Pointer Dereference

Assigner

redhat

References

3 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=2037386	x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2022-0168	x_refsource_MISC
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	kernel	Affected: Affects v5.4–5.12, v5.13-rc+HEAD

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.954Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037386"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2022-0168"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d6f5e358452479fa8a773b5c6ccc9e4ec5a20880"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Affects v5.4\u20135.12, v5.13-rc+HEAD"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service (DOS) issue was found in the Linux kernel\u2019s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 - NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-26T17:25:46.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037386"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2022-0168"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d6f5e358452479fa8a773b5c6ccc9e4ec5a20880"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-0168",
    "datePublished": "2022-08-26T17:25:46.000Z",
    "dateReserved": "2022-01-10T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:18:41.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0617 (GCVE-0-2022-0617)

Vulnerability from cvelistv5 – Published: 2022-02-16 16:38 – Updated: 2024-08-02 23:32

Summary

A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2.

Severity

No CVSS data available.

CWE

CWE-476

Assigner

redhat

References

8 references

URL	Tags
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
https://lore.kernel.org/lkml/20220114172329.ygzry…	x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2022/dsa-5095	vendor-advisoryx_refsource_DEBIAN
https://www.debian.org/security/2022/dsa-5096	vendor-advisoryx_refsource_DEBIAN
http://www.openwall.com/lists/oss-security/2022/04/13/2	mailing-listx_refsource_MLIST

Impacted products

1 product

Vendor	Product	Version
n/a	Kernel	Affected: Linux kernel 5.17-rc2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:32:46.477Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fc3b7c2981bbd1047916ade327beccb90994eee"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea8569194b43f0f01f0a84c689388542c7254a1f"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/lkml/20220114172329.ygzry5rlz64ua2nr%40quack3.lan/T/"
          },
          {
            "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
          },
          {
            "name": "DSA-5095",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5095"
          },
          {
            "name": "DSA-5096",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5096"
          },
          {
            "name": "[oss-security] 20220413 CVE-2022-0617: udf:A null-ptr-deref bug be triggered when write to an ICB inode",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/04/13/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux kernel 5.17-rc2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-13T17:06:43.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fc3b7c2981bbd1047916ade327beccb90994eee"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea8569194b43f0f01f0a84c689388542c7254a1f"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lore.kernel.org/lkml/20220114172329.ygzry5rlz64ua2nr%40quack3.lan/T/"
        },
        {
          "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
        },
        {
          "name": "DSA-5095",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5095"
        },
        {
          "name": "DSA-5096",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5096"
        },
        {
          "name": "[oss-security] 20220413 CVE-2022-0617: udf:A null-ptr-deref bug be triggered when write to an ICB inode",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/04/13/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2022-0617",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Linux kernel 5.17-rc2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-476"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fc3b7c2981bbd1047916ade327beccb90994eee",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fc3b7c2981bbd1047916ade327beccb90994eee"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea8569194b43f0f01f0a84c689388542c7254a1f",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea8569194b43f0f01f0a84c689388542c7254a1f"
            },
            {
              "name": "https://lore.kernel.org/lkml/20220114172329.ygzry5rlz64ua2nr@quack3.lan/T/",
              "refsource": "MISC",
              "url": "https://lore.kernel.org/lkml/20220114172329.ygzry5rlz64ua2nr@quack3.lan/T/"
            },
            {
              "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
            },
            {
              "name": "DSA-5095",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5095"
            },
            {
              "name": "DSA-5096",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5096"
            },
            {
              "name": "[oss-security] 20220413 CVE-2022-0617: udf:A null-ptr-deref bug be triggered when write to an ICB inode",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/04/13/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-0617",
    "datePublished": "2022-02-16T16:38:03.000Z",
    "dateReserved": "2022-02-15T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:32:46.477Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0854 (GCVE-0-2022-0854)

Vulnerability from cvelistv5 – Published: 2022-03-23 19:46 – Updated: 2024-08-02 23:40

Summary

A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.

Severity

No CVSS data available.

CWE

CWE-200

Assigner

redhat

References

4 references

URL	Tags
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
https://www.debian.org/security/2022/dsa-5161	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2022/dsa-5173	vendor-advisoryx_refsource_DEBIAN

Impacted products

1 product

Vendor	Product	Version
n/a	Kernel	Affected: Linux kernel 5.17-rc8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:40:04.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/dma/swiotlb.c?h=v5.17-rc8\u0026id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13"
          },
          {
            "name": "DSA-5161",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5161"
          },
          {
            "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
          },
          {
            "name": "DSA-5173",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5173"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux kernel 5.17-rc8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory leak flaw was found in the Linux kernel\u2019s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-04T10:11:26.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/dma/swiotlb.c?h=v5.17-rc8\u0026id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13"
        },
        {
          "name": "DSA-5161",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5161"
        },
        {
          "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
        },
        {
          "name": "DSA-5173",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2022-0854",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Linux kernel 5.17-rc8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A memory leak flaw was found in the Linux kernel\u2019s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/dma/swiotlb.c?h=v5.17-rc8\u0026id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/dma/swiotlb.c?h=v5.17-rc8\u0026id=aa6f8dcbab473f3a3c7454b74caa46d36cdc5d13"
            },
            {
              "name": "DSA-5161",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5161"
            },
            {
              "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
            },
            {
              "name": "DSA-5173",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-0854",
    "datePublished": "2022-03-23T19:46:15.000Z",
    "dateReserved": "2022-03-04T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:40:04.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1016 (GCVE-0-2022-1016)

Vulnerability from cvelistv5 – Published: 2022-08-29 14:03 – Updated: 2024-08-02 23:47

Summary

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.

Severity

No CVSS data available.

CWE

CWE-824 - - Access of Uninitialized Pointer.

Assigner

redhat

References

4 references

URL	Tags
http://blog.dbouman.nl/2022/04/02/How-The-Tables-…	x_refsource_MISC
https://seclists.org/oss-sec/2022/q1/205	x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=2066614	x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2022-1016	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	Kernel	Affected: Affects v3.13-rc1 and later, Fixed in v5.18-rc1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:47:42.700Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/oss-sec/2022/q1/205"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066614"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2022-1016"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Affects v3.13-rc1 and later, Fixed in v5.18-rc1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle \u0027return\u0027 with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "CWE-824 - Access of Uninitialized Pointer.",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-29T14:03:06.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/oss-sec/2022/q1/205"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066614"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2022-1016"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-1016",
    "datePublished": "2022-08-29T14:03:06.000Z",
    "dateReserved": "2022-03-17T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:47:42.700Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1048 (GCVE-0-2022-1048)

Vulnerability from cvelistv5 – Published: 2022-04-29 15:34 – Updated: 2024-08-02 23:47

Summary

A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Severity

No CVSS data available.

CWE

CWE-416

Assigner

redhat

References

5 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=2066706	x_refsource_MISC
https://lore.kernel.org/lkml/20220322170720.3529-…	x_refsource_MISC
https://www.debian.org/security/2022/dsa-5127	vendor-advisoryx_refsource_DEBIAN
https://security.netapp.com/advisory/ntap-2022062…	x_refsource_CONFIRM
https://www.debian.org/security/2022/dsa-5173	vendor-advisoryx_refsource_DEBIAN

Impacted products

1 product

Vendor	Product	Version
n/a	kernel	Affected: Linux kernel 5.17-rc9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:47:43.301Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066706"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/lkml/20220322170720.3529-5-tiwai%40suse.de/T/#m1d3b791b815556012c6be92f1c4a7086b854f7f3"
          },
          {
            "name": "DSA-5127",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5127"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220629-0001/"
          },
          {
            "name": "DSA-5173",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5173"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux kernel 5.17-rc9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free flaw was found in the Linux kernel\u2019s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-04T10:06:10.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066706"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lore.kernel.org/lkml/20220322170720.3529-5-tiwai%40suse.de/T/#m1d3b791b815556012c6be92f1c4a7086b854f7f3"
        },
        {
          "name": "DSA-5127",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5127"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220629-0001/"
        },
        {
          "name": "DSA-5173",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2022-1048",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Linux kernel 5.17-rc9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use-after-free flaw was found in the Linux kernel\u2019s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2066706",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066706"
            },
            {
              "name": "https://lore.kernel.org/lkml/20220322170720.3529-5-tiwai@suse.de/T/#m1d3b791b815556012c6be92f1c4a7086b854f7f3",
              "refsource": "MISC",
              "url": "https://lore.kernel.org/lkml/20220322170720.3529-5-tiwai@suse.de/T/#m1d3b791b815556012c6be92f1c4a7086b854f7f3"
            },
            {
              "name": "DSA-5127",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5127"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220629-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220629-0001/"
            },
            {
              "name": "DSA-5173",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-1048",
    "datePublished": "2022-04-29T15:34:44.000Z",
    "dateReserved": "2022-03-22T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:47:43.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1184 (GCVE-0-2022-1184)

Vulnerability from cvelistv5 – Published: 2022-08-29 00:00 – Updated: 2024-08-02 23:55

Summary

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.

Severity

No CVSS data available.

CWE

CWE-416 - - Use After Free

Assigner

redhat

References

5 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=2070205
https://access.redhat.com/security/cve/CVE-2022-1184
https://ubuntu.com/security/CVE-2022-1184
https://www.debian.org/security/2022/dsa-5257	vendor-advisory
https://lists.debian.org/debian-lts-announce/2022…	mailing-list

Impacted products

1 product

Vendor	Product	Version
n/a	Kernel	Affected: Not-known

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:55:24.530Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070205"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2022-1184"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/CVE-2022-1184"
          },
          {
            "name": "DSA-5257",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5257"
          },
          {
            "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Not-known"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel\u2019s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 - Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-01T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070205"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2022-1184"
        },
        {
          "url": "https://ubuntu.com/security/CVE-2022-1184"
        },
        {
          "name": "DSA-5257",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5257"
        },
        {
          "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-1184",
    "datePublished": "2022-08-29T00:00:00.000Z",
    "dateReserved": "2022-03-30T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:55:24.530Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1280 (GCVE-0-2022-1280)

Vulnerability from cvelistv5 – Published: 2022-04-13 17:05 – Updated: 2024-08-02 23:55

Summary

A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.

Severity

No CVSS data available.

CWE

CWE-416

Assigner

redhat

References

2 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=2071022	x_refsource_MISC
https://www.openwall.com/lists/oss-security/2022/…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	kernel	Affected: kernel 5.17.x

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:55:24.553Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071022"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2022/04/12/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "kernel 5.17.x"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-13T17:05:51.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071022"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2022/04/12/3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2022-1280",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "kernel 5.17.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2071022",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071022"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2022/04/12/3",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2022/04/12/3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-1280",
    "datePublished": "2022-04-13T17:05:51.000Z",
    "dateReserved": "2022-04-08T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:55:24.553Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-1353 (GCVE-0-2022-1353)

Vulnerability from cvelistv5 – Published: 2022-04-29 15:46 – Updated: 2024-08-03 00:03

Summary

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.

Severity

No CVSS data available.

CWE

CWE-200

Assigner

redhat

References

6 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=2066819	x_refsource_MISC
https://github.com/torvalds/linux/commit/9a564bcc…	x_refsource_MISC
https://www.debian.org/security/2022/dsa-5127	vendor-advisoryx_refsource_DEBIAN
https://security.netapp.com/advisory/ntap-2022062…	x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2022/dsa-5173	vendor-advisoryx_refsource_DEBIAN

Impacted products

1 product

Vendor	Product	Version
n/a	Kernel	Affected: kernel 5.17 rc12

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:03:05.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066819"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/9a564bccb78a76740ea9d75a259942df8143d02c"
          },
          {
            "name": "DSA-5127",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5127"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220629-0001/"
          },
          {
            "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
          },
          {
            "name": "DSA-5173",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5173"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "kernel 5.17 rc12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-04T10:08:21.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066819"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/9a564bccb78a76740ea9d75a259942df8143d02c"
        },
        {
          "name": "DSA-5127",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5127"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220629-0001/"
        },
        {
          "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
        },
        {
          "name": "DSA-5173",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2022-1353",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "kernel 5.17 rc12"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2066819",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066819"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/9a564bccb78a76740ea9d75a259942df8143d02c",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/9a564bccb78a76740ea9d75a259942df8143d02c"
            },
            {
              "name": "DSA-5127",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5127"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220629-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220629-0001/"
            },
            {
              "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html"
            },
            {
              "name": "DSA-5173",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-1353",
    "datePublished": "2022-04-29T15:46:44.000Z",
    "dateReserved": "2022-04-14T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:03:05.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

alsa-2022:7933

Vulnerability from osv_almalinux

CVE-2020-36516 (GCVE-0-2020-36516)

CVE-2021-3640 (GCVE-0-2021-3640)

CVE-2022-0168 (GCVE-0-2022-0168)

CVE-2022-0617 (GCVE-0-2022-0617)

CVE-2022-0854 (GCVE-0-2022-0854)

CVE-2022-1016 (GCVE-0-2022-1016)

CVE-2022-1048 (GCVE-0-2022-1048)

CVE-2022-1184 (GCVE-0-2022-1184)

CVE-2022-1280 (GCVE-0-2022-1280)

CVE-2022-1353 (GCVE-0-2022-1353)

Tags

Sightings

Nomenclature