Log

CVE-2022-3545 created at 28 Feb 2023 19:51:32
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
+ use-after-free in nfp6000_area_init in drivers/net/ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a
+ https://kernel.dance/#CVE-2022-3545
Notes
CVE-2022-2978 created at 28 Feb 2023 19:46:25
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
+ In alloc_inode, inode_init_always() could return -ENOMEM if security_inode_alloc() fails, which causes inode->i_private uninitialized. Then nilfs_is_metadata_file_inode() returns true and nilfs_free_inode() wrongly calls nilfs_mdt_destroy(), which frees the uninitialized inode->i_private and leads to crashes(e.g., UAF/GPF)
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2e488f13755ffbb60f307e991b27024716a33b29
+ https://lore.kernel.org/linux-fsdevel/20220816040859.659129-1-dzm91@hust.edu.cn/T/#u
+ https://kernel.dance/#CVE-2022-2978
Notes
CVE-2022-42895 created at 28 Feb 2023 19:25:51
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ infoleak in net/bluetooth/l2cap_core.c's l2cap_parse_conf_req can be used to leak kernel pointers remotely
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b1a2cd50c0357f243b7435a732b4e62ba3157a2e
+ https://seclists.org/oss-sec/2022/q4/190
+ https://github.com/google/security-research/security/advisories/GHSA-vccx-8h74-2357
+ https://kernel.dance/#CVE-2022-42895
Notes
CVE-2022-36946 created at 28 Feb 2023 19:18:25
Severity
+ Unknown
Remote
+ Remote
Type
+ Denial of service
Description
+ nfqnl_mangle in net/netfilter/nfnetlink_queue.c allows remote attackers to cause a denial of service in the case of a nf_queue verdict with a one-byte nfta_payload attribute skb_pull can encounter a negative skb->len
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7af4cc3fa158ff1dda6e7451c7e6afa6b0bb85cb
+ https://marc.info/?l=netfilter-devel&m=165883202007292&w=2
+ https://kernel.dance/#CVE-2022-36946
Notes
AVG-2837 created at 27 Feb 2023 23:32:56
Packages
+ linux
Issues
+ CVE-2022-3544
+ CVE-2022-39842
+ CVE-2022-42896
+ CVE-2022-47943
+ CVE-2022-47946
+ CVE-2023-25012
Status
+ Unknown
Severity
+ High
Affected
+ 6.0.12-1
Fixed
+ 6.1-1
Ticket
Advisory qualified
+ No
References
Notes
+ bulk-add
+ WIP
AVG-2836 created at 27 Feb 2023 23:32:15
Packages
+ linux-zen
Issues
+ CVE-2022-3544
+ CVE-2022-39842
+ CVE-2022-42896
+ CVE-2022-47943
+ CVE-2022-47946
+ CVE-2023-25012
Status
+ Unknown
Severity
+ High
Affected
+ 6.0.12-1
Fixed
+ 6.1-1
Ticket
Advisory qualified
+ No
References
Notes
+ bulk-add
+ WIP
AVG-2835 created at 27 Feb 2023 23:31:14
Packages
+ linux-hardened
Issues
+ CVE-2022-3544
+ CVE-2022-39842
+ CVE-2022-42896
+ CVE-2022-47943
+ CVE-2022-47946
+ CVE-2023-25012
Status
+ Unknown
Severity
+ High
Affected
+ 6.0.19-1
Fixed
+ 6.1-1
Ticket
Advisory qualified
+ No
References
Notes
+ bulk-add
+ WIP
AVG-2834 created at 27 Feb 2023 23:30:19
Packages
+ linux-lts
Issues
+ CVE-2022-39842
+ CVE-2022-42896
+ CVE-2022-47943
+ CVE-2022-47946
+ CVE-2023-25012
Status
+ Unknown
Severity
+ High
Affected
+ 5.15.94-1
Fixed
+ 6.1-1
Ticket
Advisory qualified
+ No
References
Notes
+ bulk-add
+ WIP
CVE-2022-42896 edited at 27 Feb 2023 23:28:52
Severity
- Unknown
+ High
CVE-2022-42896 created at 27 Feb 2023 23:28:28
Severity
+ Unknown
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ use-after-free in net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth
References
+ https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4
+ https://kernel.dance/#CVE-2022-42896
Notes