Log

AVG-2740 edited at 21 Mar 2023 19:54:16
Advisory qualified
- Yes
+ No
AVG-2735 edited at 21 Mar 2023 19:54:00
Advisory qualified
- Yes
+ No
AVG-2734 edited at 21 Mar 2023 19:53:47
Advisory qualified
- Yes
+ No
AVG-2733 edited at 21 Mar 2023 19:53:27
Advisory qualified
- Yes
+ No
AVG-2732 edited at 21 Mar 2023 19:52:58
Advisory qualified
- Yes
+ No
CVE-2022-4382 created at 21 Mar 2023 19:36:23
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
+ use-after-free in the gadgetfs driver when concurrently mounting and unmounting the gadgetfs filesystem, due to a race between gadgetfs_fill_super() and gadgetfs_kill_sb()
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d18dcfe9860e842f394e37ba01ca9440ab2178f4
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e5d82a7360d124ae1a38c2a5eac92ba49b125191
+ https://kernel.dance/#CVE-2022-4382
Notes
CVE-2022-4378 created at 21 Mar 2023 19:30:22
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
+ integer type confusion in get_proc_long
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6cfaf34be9fcd1a8285a294e18986bfc41a409c
Notes
AVG-2821 edited at 02 Mar 2023 14:01:48
Severity
- Unknown
+ High
CVE-2022-37434 edited at 02 Mar 2023 14:01:48
Severity
- Unknown
+ High
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ A security vulnerability was found in zlib. The flaw triggered a heap-based buffer in inflate in the inflate.c function via a large gzip header extra field. This flaw is only applicable in the call inflateGetHeader.
References
+ https://github.com/archlinux/svntogit-packages/commit/842507fff025b6e7f447082988051155d932cd49
Notes
CVE-2022-36879 created at 01 Mar 2023 21:49:30
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
+ double xfrm_pols_put() in xfrm_bundle_lookup()
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f85daf0e725358be78dfd208dea5fd665d8cb901
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=80c802f3073e84c956846e921e8a0b02dfa3755f
+ https://kernel.dance/#CVE-2022-36879
Notes
CVE-2023-23455 created at 01 Mar 2023 21:32:09
Severity
+ Unknown
Remote
+ Unknown
Type
+ Insufficient validation
Description
+ the return code of tcf_classify is insufficiently validated before part of the result is interpreted as a pointer in the network scheduler code
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2965c7be0522eaa18808684b7b82b248515511b
+ https://kernel.dance/#CVE-2023-23455
+ https://www.openwall.com/lists/oss-security/2023/01/10/1
+ https://www.openwall.com/lists/oss-security/2023/01/10/4
Notes