Log

AVG-2835 created at 27 Feb 2023 23:31:14
Packages
+ linux-hardened
Issues
+ CVE-2022-3544
+ CVE-2022-39842
+ CVE-2022-42896
+ CVE-2022-47943
+ CVE-2022-47946
+ CVE-2023-25012
Status
+ Unknown
Severity
+ High
Affected
+ 6.0.19-1
Fixed
+ 6.1-1
Ticket
Advisory qualified
+ No
References
Notes
+ bulk-add
+ WIP
AVG-2834 created at 27 Feb 2023 23:30:19
Packages
+ linux-lts
Issues
+ CVE-2022-39842
+ CVE-2022-42896
+ CVE-2022-47943
+ CVE-2022-47946
+ CVE-2023-25012
Status
+ Unknown
Severity
+ High
Affected
+ 5.15.94-1
Fixed
+ 6.1-1
Ticket
Advisory qualified
+ No
References
Notes
+ bulk-add
+ WIP
CVE-2022-42896 edited at 27 Feb 2023 23:28:52
Severity
- Unknown
+ High
CVE-2022-42896 created at 27 Feb 2023 23:28:28
Severity
+ Unknown
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ use-after-free in net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth
References
+ https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4
+ https://kernel.dance/#CVE-2022-42896
Notes
CVE-2023-25012 created at 27 Feb 2023 23:19:51
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
+ Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long
References
+ https://seclists.org/oss-sec/2023/q1/53
+ https://lore.kernel.org/all/20230125-hid-unregister-leds-v1-1-9a5192dcef16@diag.uniroma1.it/
Notes
CVE-2022-47946 created at 27 Feb 2023 23:15:24
Severity
+ Unknown
Remote
+ Unknown
Type
+ Denial of service
Description
+ use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service
References
+ https://www.openwall.com/lists/oss-security/2022/12/22/2
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.161&id=0f544353fec8e717d37724d95b92538e1de79e86
Notes
CVE-2022-47943 created at 27 Feb 2023 23:08:28
Severity
+ High
Remote
+ Remote
Type
+ Information disclosure
Description
+ out-of-bounds read memory can be written to a file, if DataOffset is 0 and Length is too large in SMB2_WRITE request of compound request in
+ fs/ksmbd/smb2misc.c can allow a remote authenticated attacker to disclose sensitive information
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ac60778b87e45576d7bfdbd6f53df902654e6f09
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9
+ https://kernel.dance/#CVE-2022-47943
+ https://www.zerodayinitiative.com/advisories/ZDI-22-1691/
Notes
CVE-2022-39842 created at 27 Feb 2023 22:55:22
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
+ I pxa3xx_gcu_write defined in drivers/video/fbdev/pxa3xx-gcu.c, a count parameter of type size_t is passed to words of type int. Then, copy_from_user() may cause a heap overflow because it is used as the third argument of copy_from_user()
References
+ https://github.com/torvalds/linux/commit/a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7
+ https://kernel.dance/#CVE-2022-39842
Notes
CVE-2022-3544 created at 27 Feb 2023 22:45:40
Severity
+ Low
Remote
+ Remote
Type
+ Denial of service
Description
+ memory leak in damon_sysfs_add_target defined in mm/damon/sysfs.c part of Netfilter
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git/commit/?id=1c8e2349f2d033f634d046063b704b2ca6c46972
+ https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next.git/commit/?id=a61ea561c87139992fe32afdee48a6f6b85d824a
+ https://kernel.dance/#CVE-2022-3544
Notes
CVE-2023-25139 edited at 27 Feb 2023 22:18:56
Description
+ buffer overflow in sprintf(3) due to a regression where after the refactor the implementation does not
+ account for grouping characters during padding of the width
References
+ https://sourceware.org/bugzilla/show_bug.cgi?id=30068
+ https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c980549cc6a1c03c23cc2fe3e7b0fe626a0364b0
Notes