Vulnerabilites related to The Linux Kernel Organization - linux
cve-2022-2585
Vulnerability from cvelistv5
Published
2024-01-08 17:38
Modified
2024-09-04 19:03
Severity ?
EPSS score ?
Summary
It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ubuntu.com/security/notices/USN-5566-1 | third-party-advisory | |
| https://ubuntu.com/security/notices/USN-5564-1 | third-party-advisory | |
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585 | issue-tracking | |
| https://ubuntu.com/security/notices/USN-5567-1 | third-party-advisory | |
| https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u | issue-tracking | |
| https://www.openwall.com/lists/oss-security/2022/08/09/7 | issue-tracking | |
| https://ubuntu.com/security/notices/USN-5565-1 | third-party-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Linux Kernel Organization | linux |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T00:39:08.282Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5566-1", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5564-1", }, { tags: [ "issue-tracking", "x_transferred", ], url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5567-1", }, { tags: [ "issue-tracking", "x_transferred", ], url: "https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u", }, { tags: [ "issue-tracking", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2022/08/09/7", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5565-1", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-2585", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-02T17:22:39.159224Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-04T19:03:25.626Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { packageName: "linux", platforms: [ "Linux", ], product: "linux", repo: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git", vendor: "The Linux Kernel Organization", versions: [ { lessThan: "6.0~rc1", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "An independent security researcher working with SSD Secure Disclosure", }, ], descriptions: [ { lang: "en", value: "It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-08T17:38:27.327Z", orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", shortName: "canonical", }, references: [ { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5566-1", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5564-1", }, { tags: [ "issue-tracking", ], url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5567-1", }, { tags: [ "issue-tracking", ], url: "https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u", }, { tags: [ "issue-tracking", ], url: "https://www.openwall.com/lists/oss-security/2022/08/09/7", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5565-1", }, ], }, }, cveMetadata: { assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", assignerShortName: "canonical", cveId: "CVE-2022-2585", datePublished: "2024-01-08T17:38:27.327Z", dateReserved: "2022-07-29T21:59:31.316Z", dateUpdated: "2024-09-04T19:03:25.626Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-2588
Vulnerability from cvelistv5
Published
2024-01-08 17:50
Modified
2024-08-03 00:39
Severity ?
EPSS score ?
Summary
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Linux Kernel Organization | linux |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T00:39:08.044Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5565-1", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5562-1", }, { tags: [ "issue-tracking", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2022/08/09/6", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5582-1", }, { tags: [ "issue-tracking", "x_transferred", ], url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5564-1", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5566-1", }, { tags: [ "issue-tracking", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-1117/", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5588-1", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5560-1", }, { tags: [ "issue-tracking", "x_transferred", ], url: "https://github.com/Markakd/CVE-2022-2588", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5567-1", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5560-2", }, { tags: [ "issue-tracking", "x_transferred", ], url: "https://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5557-1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { packageName: "linux", platforms: [ "Linux", ], product: "linux", repo: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git", vendor: "The Linux Kernel Organization", versions: [ { lessThan: "6.0~rc1", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Zhenpeng Lin working with Trend Micro's Zero Day Initiative", }, ], descriptions: [ { lang: "en", value: "It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-08T17:50:47.948Z", orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", shortName: "canonical", }, references: [ { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5565-1", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5562-1", }, { tags: [ "issue-tracking", ], url: "https://www.openwall.com/lists/oss-security/2022/08/09/6", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5582-1", }, { tags: [ "issue-tracking", ], url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5564-1", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5566-1", }, { tags: [ "issue-tracking", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-1117/", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5588-1", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5560-1", }, { tags: [ "issue-tracking", ], url: "https://github.com/Markakd/CVE-2022-2588", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5567-1", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5560-2", }, { tags: [ "issue-tracking", ], url: "https://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5557-1", }, ], }, }, cveMetadata: { assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", assignerShortName: "canonical", cveId: "CVE-2022-2588", datePublished: "2024-01-08T17:50:47.948Z", dateReserved: "2022-07-29T23:41:31.412Z", dateUpdated: "2024-08-03T00:39:08.044Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-6040
Vulnerability from cvelistv5
Published
2024-01-12 01:37
Modified
2025-02-13 17:26
Severity ?
EPSS score ?
Summary
An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Linux Kernel Organization | linux |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:21:17.118Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "issue-tracking", "x_transferred", ], url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040", }, { tags: [ "mailing-list", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2024/01/12/1", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/01/12/1", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { packageName: "linux", platforms: [ "Linux", ], product: "linux", repo: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git", vendor: "The Linux Kernel Organization", versions: [ { lessThan: "5.18-rc1", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Lin Ma from Ant Security Light-Year Lab & ZJU", }, ], descriptions: [ { lang: "en", value: "An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-27T12:12:45.871Z", orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", shortName: "canonical", }, references: [ { tags: [ "issue-tracking", ], url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040", }, { tags: [ "mailing-list", ], url: "https://www.openwall.com/lists/oss-security/2024/01/12/1", }, { url: "http://www.openwall.com/lists/oss-security/2024/01/12/1", }, { url: "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html", }, { url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html", }, { url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", }, ], title: "An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family)", workarounds: [ { lang: "en", value: "Disabling unprivileged user namespaces mitigates the issue.", }, ], }, }, cveMetadata: { assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", assignerShortName: "canonical", cveId: "CVE-2023-6040", datePublished: "2024-01-12T01:37:45.387Z", dateReserved: "2023-11-08T20:12:50.288Z", dateUpdated: "2025-02-13T17:26:02.474Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-2602
Vulnerability from cvelistv5
Published
2024-01-08 17:56
Modified
2025-02-13 16:32
Severity ?
EPSS score ?
Summary
io_uring UAF, Unix SCM garbage collection
References
| ▼ | URL | Tags |
|---|---|---|
| https://ubuntu.com/security/notices/USN-5692-1 | third-party-advisory | |
| https://ubuntu.com/security/notices/USN-5752-1 | third-party-advisory | |
| https://ubuntu.com/security/notices/USN-5693-1 | third-party-advisory | |
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2602 | issue-tracking | |
| https://ubuntu.com/security/notices/USN-5691-1 | third-party-advisory | |
| https://ubuntu.com/security/notices/USN-5700-1 | third-party-advisory | |
| http://packetstormsecurity.com/files/176533/Linux-Broken-Unix-GC-Interaction-Use-After-Free.html |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Linux Kernel Organization | linux |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T00:46:03.143Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5692-1", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5752-1", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5693-1", }, { tags: [ "issue-tracking", "x_transferred", ], url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2602", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5691-1", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5700-1", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/176533/Linux-Broken-Unix-GC-Interaction-Use-After-Free.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { packageName: "linux", platforms: [ "Linux", ], product: "linux", repo: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git", vendor: "The Linux Kernel Organization", versions: [ { lessThan: "6.1~rc1", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "David Bouman", }, { lang: "en", type: "finder", value: "Billy Jheng Bing Jhong working with Trend Micro's Zero Day Initiative", }, ], descriptions: [ { lang: "en", value: "io_uring UAF, Unix SCM garbage collection", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-12T16:06:18.102Z", orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", shortName: "canonical", }, references: [ { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5692-1", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5752-1", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5693-1", }, { tags: [ "issue-tracking", ], url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2602", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5691-1", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5700-1", }, { url: "http://packetstormsecurity.com/files/176533/Linux-Broken-Unix-GC-Interaction-Use-After-Free.html", }, ], }, }, cveMetadata: { assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", assignerShortName: "canonical", cveId: "CVE-2022-2602", datePublished: "2024-01-08T17:56:16.403Z", dateReserved: "2022-08-01T19:49:01.609Z", dateUpdated: "2025-02-13T16:32:28.768Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-3600
Vulnerability from cvelistv5
Published
2024-01-08 18:16
Modified
2024-09-04 15:38
Severity ?
EPSS score ?
Summary
It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600 | issue-tracking | |
| https://ubuntu.com/security/notices/USN-5003-1 | third-party-advisory | |
| https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 | issue-tracking |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Linux Kernel Organization | linux |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:01:07.551Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "issue-tracking", "x_transferred", ], url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5003-1", }, { tags: [ "issue-tracking", "x_transferred", ], url: "https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2021-3600", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-13T19:37:54.684327Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-04T15:38:28.022Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { packageName: "linux", platforms: [ "Linux", ], product: "linux", repo: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git", vendor: "The Linux Kernel Organization", versions: [ { lessThan: "5.11", status: "affected", version: "0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", }, ], providerMetadata: { dateUpdated: "2024-01-08T18:16:42.087Z", orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", shortName: "canonical", }, references: [ { tags: [ "issue-tracking", ], url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5003-1", }, { tags: [ "issue-tracking", ], url: "https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90", }, ], }, }, cveMetadata: { assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", assignerShortName: "canonical", cveId: "CVE-2021-3600", datePublished: "2024-01-08T18:16:42.087Z", dateReserved: "2021-06-12T00:16:40.778Z", dateUpdated: "2024-09-04T15:38:28.022Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-2586
Vulnerability from cvelistv5
Published
2024-01-08 17:46
Modified
2024-08-19 07:48
Severity ?
EPSS score ?
Summary
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ubuntu.com/security/notices/USN-5564-1 | third-party-advisory | |
| https://ubuntu.com/security/notices/USN-5560-2 | third-party-advisory | |
| https://ubuntu.com/security/notices/USN-5582-1 | third-party-advisory | |
| https://ubuntu.com/security/notices/USN-5567-1 | third-party-advisory | |
| https://ubuntu.com/security/notices/USN-5560-1 | third-party-advisory | |
| https://ubuntu.com/security/notices/USN-5566-1 | third-party-advisory | |
| https://www.openwall.com/lists/oss-security/2022/08/09/5 | issue-tracking | |
| https://ubuntu.com/security/notices/USN-5565-1 | third-party-advisory | |
| https://www.zerodayinitiative.com/advisories/ZDI-22-1118/ | issue-tracking | |
| https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t | issue-tracking | |
| https://ubuntu.com/security/notices/USN-5562-1 | third-party-advisory | |
| https://ubuntu.com/security/notices/USN-5557-1 | third-party-advisory | |
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586 | issue-tracking |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Linux Kernel Organization | linux |
Version: 0 ≤ |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "linux_kernel", vendor: "linux", versions: [ { lessThan: "6.0-rc1", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2022-2586", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-26T15:34:35.432398Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2024-06-26", reference: "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json", }, type: "kev", }, }, ], providerMetadata: { dateUpdated: "2024-06-26T16:20:22.577Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, timeline: [ { lang: "en", time: "2024-06-26T00:00:00+00:00", value: "CVE-2022-2586 added to CISA KEV", }, ], title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-19T07:48:13.351Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5564-1", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5560-2", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5582-1", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5567-1", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5560-1", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5566-1", }, { tags: [ "issue-tracking", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2022/08/09/5", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5565-1", }, { tags: [ "issue-tracking", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-1118/", }, { tags: [ "issue-tracking", "x_transferred", ], url: "https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5562-1", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5557-1", }, { tags: [ "issue-tracking", "x_transferred", ], url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586", }, { url: "https://www.vicarius.io/vsociety/posts/use-after-free-vulnerability-linked-chain-between-nft-tables-cve-2022-2586", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { packageName: "linux", platforms: [ "Linux", ], product: "linux", repo: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git", vendor: "The Linux Kernel Organization", versions: [ { lessThan: "6.0~rc1", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Team Orca of Sea Security (@seasecresponse) working with Trend Micro's Zero Day Initiative", }, ], descriptions: [ { lang: "en", value: "It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-08T17:46:06.110Z", orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", shortName: "canonical", }, references: [ { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5564-1", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5560-2", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5582-1", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5567-1", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5560-1", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5566-1", }, { tags: [ "issue-tracking", ], url: "https://www.openwall.com/lists/oss-security/2022/08/09/5", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5565-1", }, { tags: [ "issue-tracking", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-1118/", }, { tags: [ "issue-tracking", ], url: "https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5562-1", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5557-1", }, { tags: [ "issue-tracking", ], url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586", }, ], }, }, cveMetadata: { assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", assignerShortName: "canonical", cveId: "CVE-2022-2586", datePublished: "2024-01-08T17:46:06.110Z", dateReserved: "2022-07-29T22:01:19.576Z", dateUpdated: "2024-08-19T07:48:13.351Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-1032
Vulnerability from cvelistv5
Published
2024-01-08 18:11
Modified
2024-08-27 15:48
Severity ?
EPSS score ?
Summary
The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.openwall.com/lists/oss-security/2023/03/13/2 | issue-tracking | |
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032 | issue-tracking | |
| https://ubuntu.com/security/notices/USN-6033-1 | third-party-advisory | |
| https://ubuntu.com/security/notices/USN-6024-1 | third-party-advisory | |
| https://ubuntu.com/security/notices/USN-5977-1 | third-party-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Linux Kernel Organization | linux |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T05:32:46.335Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "issue-tracking", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2023/03/13/2", }, { tags: [ "issue-tracking", "x_transferred", ], url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-6033-1", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-6024-1", }, { tags: [ "third-party-advisory", "x_transferred", ], url: "https://ubuntu.com/security/notices/USN-5977-1", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-1032", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-27T15:47:40.301600Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-27T15:48:22.031Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { packageName: "linux", platforms: [ "Linux", ], product: "linux", repo: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git", vendor: "The Linux Kernel Organization", versions: [ { lessThan: "6.3~rc2", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Thadeu Cascardo", }, ], descriptions: [ { lang: "en", value: "The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-415", description: "CWE-415", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-08T18:11:31.951Z", orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", shortName: "canonical", }, references: [ { tags: [ "issue-tracking", ], url: "https://www.openwall.com/lists/oss-security/2023/03/13/2", }, { tags: [ "issue-tracking", ], url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-6033-1", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-6024-1", }, { tags: [ "third-party-advisory", ], url: "https://ubuntu.com/security/notices/USN-5977-1", }, ], }, }, cveMetadata: { assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc", assignerShortName: "canonical", cveId: "CVE-2023-1032", datePublished: "2024-01-08T18:11:31.951Z", dateReserved: "2023-02-24T23:38:08.581Z", dateUpdated: "2024-08-27T15:48:22.031Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }