Log

CVE-2022-3649 created at 28 Feb 2023 20:58:46
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
+ use-after-free in nilfs_new_inode in fs/nilfs2/inode.c
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d325dc6eb763c10f591c239550b8c7e5466a5d09
+ https://vuldb.com/?id.211992
+ https://kernel.dance/#CVE-2022-3649
Notes
CVE-2022-34495 created at 28 Feb 2023 20:46:14
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
+ double-free in rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c2eecefec5df1306eafce28ccdf1ca159a552ecc
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c486682ae1e2b149add22f44cf413b3103e3ef39
+ https://kernel.dance/#CVE-2022-34495
Notes
CVE-2022-2153 created at 28 Feb 2023 20:42:08
Severity
+ Unknown
Remote
+ Local
Type
+ Denial of service
Description
+ NULL pointer dereference in kvm_irq_delivery_to_apic_fast() could cause the the host to crash
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=00b5f37189d24ac3ed46cb7f11742094778c46ce
+ https://www.openwall.com/lists/oss-security/2022/06/22/1
+ https://kernel.dance/#CVE-2022-2153
Notes
CVE-2023-23454 created at 28 Feb 2023 20:35:38
Severity
+ Unknown
Remote
+ Unknown
Type
+ Denial of service
Description
+ cbq_classify in net/sched/sch_cbq.c allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results)
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
+ https://www.openwall.com/lists/oss-security/2023/01/10/4
+ https://kernel.dance/#CVE-2023-23454
Notes
CVE-2022-3545 created at 28 Feb 2023 19:51:32
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
+ use-after-free in nfp6000_area_init in drivers/net/ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a
+ https://kernel.dance/#CVE-2022-3545
Notes
CVE-2022-2978 created at 28 Feb 2023 19:46:25
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
+ In alloc_inode, inode_init_always() could return -ENOMEM if security_inode_alloc() fails, which causes inode->i_private uninitialized. Then nilfs_is_metadata_file_inode() returns true and nilfs_free_inode() wrongly calls nilfs_mdt_destroy(), which frees the uninitialized inode->i_private and leads to crashes(e.g., UAF/GPF)
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2e488f13755ffbb60f307e991b27024716a33b29
+ https://lore.kernel.org/linux-fsdevel/20220816040859.659129-1-dzm91@hust.edu.cn/T/#u
+ https://kernel.dance/#CVE-2022-2978
Notes
CVE-2022-42895 created at 28 Feb 2023 19:25:51
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ infoleak in net/bluetooth/l2cap_core.c's l2cap_parse_conf_req can be used to leak kernel pointers remotely
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b1a2cd50c0357f243b7435a732b4e62ba3157a2e
+ https://seclists.org/oss-sec/2022/q4/190
+ https://github.com/google/security-research/security/advisories/GHSA-vccx-8h74-2357
+ https://kernel.dance/#CVE-2022-42895
Notes
CVE-2022-36946 created at 28 Feb 2023 19:18:25
Severity
+ Unknown
Remote
+ Remote
Type
+ Denial of service
Description
+ nfqnl_mangle in net/netfilter/nfnetlink_queue.c allows remote attackers to cause a denial of service in the case of a nf_queue verdict with a one-byte nfta_payload attribute skb_pull can encounter a negative skb->len
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7af4cc3fa158ff1dda6e7451c7e6afa6b0bb85cb
+ https://marc.info/?l=netfilter-devel&m=165883202007292&w=2
+ https://kernel.dance/#CVE-2022-36946
Notes
AVG-2837 created at 27 Feb 2023 23:32:56
Packages
+ linux
Issues
+ CVE-2022-3544
+ CVE-2022-39842
+ CVE-2022-42896
+ CVE-2022-47943
+ CVE-2022-47946
+ CVE-2023-25012
Status
+ Unknown
Severity
+ High
Affected
+ 6.0.12-1
Fixed
+ 6.1-1
Ticket
Advisory qualified
+ No
References
Notes
+ bulk-add
+ WIP
AVG-2836 created at 27 Feb 2023 23:32:15
Packages
+ linux-zen
Issues
+ CVE-2022-3544
+ CVE-2022-39842
+ CVE-2022-42896
+ CVE-2022-47943
+ CVE-2022-47946
+ CVE-2023-25012
Status
+ Unknown
Severity
+ High
Affected
+ 6.0.12-1
Fixed
+ 6.1-1
Ticket
Advisory qualified
+ No
References
Notes
+ bulk-add
+ WIP