Log

CVE-2023-25012 created at 27 Feb 2023 23:19:51
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
+ Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long
References
+ https://seclists.org/oss-sec/2023/q1/53
+ https://lore.kernel.org/all/20230125-hid-unregister-leds-v1-1-9a5192dcef16@diag.uniroma1.it/
Notes
CVE-2022-47946 created at 27 Feb 2023 23:15:24
Severity
+ Unknown
Remote
+ Unknown
Type
+ Denial of service
Description
+ use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service
References
+ https://www.openwall.com/lists/oss-security/2022/12/22/2
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.161&id=0f544353fec8e717d37724d95b92538e1de79e86
Notes
CVE-2022-47943 created at 27 Feb 2023 23:08:28
Severity
+ High
Remote
+ Remote
Type
+ Information disclosure
Description
+ out-of-bounds read memory can be written to a file, if DataOffset is 0 and Length is too large in SMB2_WRITE request of compound request in
+ fs/ksmbd/smb2misc.c can allow a remote authenticated attacker to disclose sensitive information
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ac60778b87e45576d7bfdbd6f53df902654e6f09
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9
+ https://kernel.dance/#CVE-2022-47943
+ https://www.zerodayinitiative.com/advisories/ZDI-22-1691/
Notes
CVE-2022-39842 created at 27 Feb 2023 22:55:22
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
+ I pxa3xx_gcu_write defined in drivers/video/fbdev/pxa3xx-gcu.c, a count parameter of type size_t is passed to words of type int. Then, copy_from_user() may cause a heap overflow because it is used as the third argument of copy_from_user()
References
+ https://github.com/torvalds/linux/commit/a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7
+ https://kernel.dance/#CVE-2022-39842
Notes
CVE-2022-3544 created at 27 Feb 2023 22:45:40
Severity
+ Low
Remote
+ Remote
Type
+ Denial of service
Description
+ memory leak in damon_sysfs_add_target defined in mm/damon/sysfs.c part of Netfilter
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git/commit/?id=1c8e2349f2d033f634d046063b704b2ca6c46972
+ https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git/commit/?id=a61ea561c87139992fe32afdee48a6f6b85d824a
+ https://kernel.dance/#CVE-2022-3544
Notes
CVE-2023-25139 edited at 27 Feb 2023 22:18:56
Description
+ buffer overflow in sprintf(3) due to a regression where after the refactor the implementation does not
+ account for grouping characters during padding of the width
References
+ https://sourceware.org/bugzilla/show_bug.cgi?id=30068
+ https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c980549cc6a1c03c23cc2fe3e7b0fe626a0364b0
Notes
AVG-2833 created at 27 Feb 2023 22:14:07
Packages
+ glibc
+ lib32-glibc
Issues
+ CVE-2023-25139
Status
+ Fixed
Severity
+ Unknown
Affected
+ 2.37-1
Fixed
+ 2.37-2
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2023-25139 created at 27 Feb 2023 22:14:07
CVE-2023-25136 edited at 27 Feb 2023 22:07:26
Remote
- Unknown
+ Remote
Description
+ pre-authentication double-free in unpriviledged sandboxed client process when the connecting clients banner causes the SSH_OLD_DHGEX to be set on the server
References
+ https://www.openwall.com/lists/oss-security/2023/02/02/2
+ https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946
+ https://bugzilla.mindrot.org/show_bug.cgi?id=3522
Notes
+ introduced in 9.1, actual exploitability still being investigated
AVG-2832 created at 27 Feb 2023 21:58:15
Packages
+ openssh
Issues
+ CVE-2023-25136
Status
+ Fixed
Severity
+ Unknown
Affected
+ 9.1p1-3
Fixed
+ 9.2p1-1
Ticket
Advisory qualified
+ No
References
Notes
CVE-2023-25136 created at 27 Feb 2023 21:58:15
AVG-2831 edited at 27 Feb 2023 21:54:43
Status
- Unknown
+ Fixed