AVG-2834 log

Package linux-lts
Status Unknown
Severity High
Type multiple issues
Affected 5.15.94-1
Fixed 6.1-1
Current 6.1.22-1 [core]
Ticket None
Created Mon Feb 27 23:30:20 2023
Issue Severity Remote Type Description
CVE-2023-25012 Unknown Unknown Unknown
Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long
CVE-2023-23455 Unknown Unknown Insufficient validation
the return code of of tcf_classify is insufficiently validated before interpreting part of the result as a pointer in the network schedulers code
CVE-2023-23454 Unknown Unknown Denial of service
cbq_classify in net/sched/sch_cbq.c allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non- negative numbers...
CVE-2023-0394 Unknown Unknown Unknown
memory corruption with IPV6_CHECKSUM socket option
CVE-2022-47946 Unknown Unknown Denial of service
use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service
CVE-2022-47943 High Yes Information disclosure
out-of-bounds read memory can be written to a file, if DataOffset is 0 and Length is too large in SMB2_WRITE request of compound request in...
CVE-2022-47942 Unknown Unknown Unknown
heap-overflow in set_ntacl_dacl() when setting a malformed file attribute under the label `security.NTACL` using SMB2_SET_INFO_HE followed by SMB2_QUERY_INFO_HE
CVE-2022-47941 Unknown Unknown Unknown
memory leak in smb2_handle_negotiate() under error conditions
CVE-2022-47940 Unknown Unknown Insufficient validation
smb2_write() and smb2_write_pipe do not avlidate the length when no padding is used
CVE-2022-47939 Unknown Unknown Unknown
use-after-free in smb2_tree_disconnect) when a danging pointer is accessed in compound requests
CVE-2022-47938 Unknown Unknown Unknown
out of bound read in smb2_tree_connnect
CVE-2022-47929 Unknown Unknown Unknown
null pointer dereference in net/sched/sch_api.c
CVE-2022-43945 Unknown Unknown Unknown
send buffer overflow in NFSv2 READDIR
CVE-2022-43750 Unknown No Unknown
userspace can cause kernel memory corruption in drivers/usb/mon/mon_bin.c
CVE-2022-42896 High Yes Arbitrary code execution
use-after-free in net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req may allow code execution and leaking kernel memory (respectively)...
CVE-2022-42895 Medium Yes Information disclosure
infoleak in net/bluetooth/l2cap_core.c's l2cap_parse_conf_req can be used to leak kernel pointers remotely
CVE-2022-41849 Unknown No Unknown
use-after-free in ufx_ops_open() due to race condition with ufx_usb_disconnect() when disconnecting a usb device while calling open() on the device
CVE-2022-41218 Unknown Unknown Unknown
use-after-free when dvb_demux_open() is called between the two syncs of dvbdev->users and dvr_dvbdev->users in dvb_dmxdev_release()
CVE-2022-39842 Unknown Unknown Unknown
I pxa3xx_gcu_write defined in  drivers/video/fbdev/pxa3xx-gcu.c, a count parameter of type size_t is passed to words of type int.  Then, copy_from_user()...
CVE-2022-36946 Unknown Yes Denial of service
nfqnl_mangle in net/netfilter/nfnetlink_queue.c allows remote attackers to cause a denial of service in the case of a nf_queue verdict with a one-byte...
CVE-2022-36879 Unknown Unknown Unknown
double xfrm_pols_put() in xfrm_bundle_lookup()
CVE-2022-34495 Unknown Unknown Unknown
double-free in rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c
CVE-2022-32296 Unknown Unknown Unknown
tcp clients could be fingerprinted due to insufficient randomness when selecting the source port
CVE-2022-4382 Unknown Unknown Unknown
use-after-free in in gadgetfs driver when concurrently mounting and unmounting the gadgetfs filesystem between gadgetfs_fill_super() and race with gadgetfs_kill_sb()
CVE-2022-4378 Unknown Unknown Unknown
integer type confusion in get_proc_long
CVE-2022-3649 Unknown Unknown Unknown
use-after-free in nilfs_new_inode in fs/nilfs2/inode.c
CVE-2022-3646 Unknown Unknown Unknown
memory leak when nilfs_attach_log_writer() fails to create a log writer thread
CVE-2022-3586 Unknown Unknown Unknown
potential use-after-free in sch_sfb enqueue()
CVE-2022-3545 Unknown Unknown Unknown
use-after-free in nfp6000_area_init in drivers/net/ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c
CVE-2022-3543 Unknown Unknown Unknown
memory leaks in net/unix/af_unix.c
CVE-2022-3541 Unknown Unknown Unknown
use after free in spl2sw_nvmem_get_mac_address
CVE-2022-3524 Unknown Unknown Denial of service
memory leak in ipv6_renew_options() when one thread is converting an IPv6 socket into IPv4 with IPV6_ADDRFORM while another thread calls...
CVE-2022-3239 Unknown Unknown Unknown
CVE-2022-3028 Unknown Unknown Unknown
race-condition with xfrm_probe_algs() in net/key/af_key.c
CVE-2022-2978 Unknown Unknown Unknown
In alloc_inode, inode_init_always() could return -ENOMEM if security_inode_alloc() fails, which causes inode->i_private uninitialized. Then...
CVE-2022-2153 Unknown No Denial of service
NULL pointer dereference in kvm_irq_delivery_to_apic_fast() could cause the the host to crash