certfr_avis - CERTFR-2022-AVI-238

CERTFR-2022-AVI-238

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - AUS 8.4 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - TUS 8.2 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.2 x86_64
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.2 aarch64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - TUS 8.4 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for Real Time 8 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - AUS 7.7 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.4 ppc64le
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder for x86_64 8 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4 x86_64
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.2 ppc64le
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - AUS 8.2 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
Red Hat	Red Hat CodeReady Linux Builder	Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2 x86_64
Red Hat	Red Hat Enterprise Linux Server	Red Hat Enterprise Linux Server - TUS 7.7 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64
Red Hat	N/A	Red Hat Virtualization Host 4 for RHEL 8 x86_64
Red Hat	Red Hat Enterprise Linux	Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64

References

Title

Publication Time

Tags

Bulletin de sécurité Red Hat RHSA-2022:0819 du 10 mars 2022	None	vendor-advisory
Bulletin de sécurité Red Hat RHSA-2022:0825 du 10 mars 2022	None	vendor-advisory
Bulletin de sécurité Red Hat RHSA-2022:0822 du 10 mars 2022	None	vendor-advisory
Bulletin de sécurité Red Hat RHSA-2022:0823 du 10 mars 2022	None	vendor-advisory
Bulletin de sécurité Red Hat RHSA-2022:0831 du 10 mars 2022	None	vendor-advisory
Bulletin de sécurité Red Hat RHSA-2022:0820 du 10 mars 2022	None	vendor-advisory
Bulletin de sécurité Red Hat RHSA-2022:0821 du 10 mars 2022	None	vendor-advisory
Bulletin de sécurité Red Hat RHSA-2022:0712 du 01 mars 2022	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Red Hat Enterprise Linux for Power, little endian 8 ppc64le",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - AUS 8.4 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for IBM z Systems 8 s390x",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - TUS 8.2 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for x86_64 8 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.2 x86_64",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.2 aarch64",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - TUS 8.4 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for Real Time 8 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - AUS 7.7 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.4 ppc64le",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for ARM 64 8 aarch64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for ARM 64 8 aarch64",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for Real Time for NFV 8 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for x86_64 8 x86_64",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4 x86_64",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.2 ppc64le",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - AUS 8.2 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le",
      "product": {
        "name": "Red Hat CodeReady Linux Builder",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux Server - TUS 7.7 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux Server",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Virtualization Host 4 for RHEL 8 x86_64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64",
      "product": {
        "name": "Red Hat Enterprise Linux",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-4154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4154"
    },
    {
      "name": "CVE-2020-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0466"
    },
    {
      "name": "CVE-2021-4083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
    },
    {
      "name": "CVE-2022-0330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
    },
    {
      "name": "CVE-2022-0847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0847"
    },
    {
      "name": "CVE-2022-0516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0516"
    },
    {
      "name": "CVE-2022-22942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
    },
    {
      "name": "CVE-2021-4155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
    },
    {
      "name": "CVE-2022-0492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
    },
    {
      "name": "CVE-2022-0435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0435"
    },
    {
      "name": "CVE-2021-0920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
    },
    {
      "name": "CVE-2021-4028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4028"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2022:0712 du 01 mars 2022",
      "url": "https://access.redhat.com/errata/RHSA-2022:0712"
    }
  ],
  "reference": "CERTFR-2022-AVI-238",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nRed Hat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service, un contournement de la politique de s\u00e9curit\u00e9 et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2022:0819 du 10 mars 2022",
      "url": "https://access.redhat.com/errata/RHSA-2022:0819"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2022:0825 du 10 mars 2022",
      "url": "https://access.redhat.com/errata/RHSA-2022:0825"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2022:0822 du 10 mars 2022",
      "url": "https://access.redhat.com/errata/RHSA-2022:0822"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2022:0823 du 10 mars 2022",
      "url": "https://access.redhat.com/errata/RHSA-2022:0823"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2022:0831 du 10 mars 2022",
      "url": "https://access.redhat.com/errata/RHSA-2022:0831"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2022:0820 du 10 mars 2022",
      "url": "https://access.redhat.com/errata/RHSA-2022:0820"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2022:0821 du 10 mars 2022",
      "url": "https://access.redhat.com/errata/RHSA-2022:0821"
    }
  ]
}

CVE-2021-0920 (GCVE-0-2021-0920)

Vulnerability from cvelistv5 – Published: 2021-12-15 18:05 – Updated: 2025-10-21 23:15

Summary

In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel

Severity ?

6.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

Elevation of privilege

Assigner

google_android

References

URL

Tags

	https://source.android.com/security/bulletin/2021-11-01	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	Android	Affected: Android kernel

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:55:16.898Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2021-11-01"
          },
          {
            "name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-0920",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-06T16:18:51.272894Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-05-23",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-0920"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:15:50.498Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-0920"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-05-23T00:00:00+00:00",
            "value": "CVE-2021-0920 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Android",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Android kernel"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-17T00:06:43.000Z",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://source.android.com/security/bulletin/2021-11-01"
        },
        {
          "name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2021-0920",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Android kernel"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://source.android.com/security/bulletin/2021-11-01",
              "refsource": "MISC",
              "url": "https://source.android.com/security/bulletin/2021-11-01"
            },
            {
              "name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2021-0920",
    "datePublished": "2021-12-15T18:05:31.000Z",
    "dateReserved": "2020-11-06T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:15:50.498Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-0466 (GCVE-0-2020-0466)

Vulnerability from cvelistv5 – Published: 2020-12-14 21:50 – Updated: 2024-08-04 06:02

Summary

In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel

Severity ?

No CVSS data available.

CWE

Elevation of privilege

Assigner

google_android

References

URL

Tags

https://source.android.com/security/bulletin/2020-12-01

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Android	Affected: Android kernel

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:02:51.841Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2020-12-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Android",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Android kernel"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-14T21:50:04",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://source.android.com/security/bulletin/2020-12-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2020-0466",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Android kernel"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://source.android.com/security/bulletin/2020-12-01",
              "refsource": "MISC",
              "url": "https://source.android.com/security/bulletin/2020-12-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2020-0466",
    "datePublished": "2020-12-14T21:50:04",
    "dateReserved": "2019-10-17T00:00:00",
    "dateUpdated": "2024-08-04T06:02:51.841Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-4154 (GCVE-0-2021-4154)

Vulnerability from cvelistv5 – Published: 2022-02-04 22:29 – Updated: 2024-08-03 17:16

Summary

A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.

Severity ?

No CVSS data available.

CWE

CWE-416

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=2034514	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
	https://cloud.google.com/anthos/clusters/docs/sec…	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2022022…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	kernel	Affected: Fixed in kernel 5.14 rc2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:16:04.485Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034514"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-002"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220225-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in kernel 5.14 rc2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel\u0027s cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-25T09:06:07",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034514"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-002"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220225-0004/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-4154",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in kernel 5.14 rc2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel\u0027s cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2034514",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034514"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b"
            },
            {
              "name": "https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-002",
              "refsource": "MISC",
              "url": "https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-002"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220225-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220225-0004/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-4154",
    "datePublished": "2022-02-04T22:29:17",
    "dateReserved": "2021-12-22T00:00:00",
    "dateUpdated": "2024-08-03T17:16:04.485Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-22942 (GCVE-0-2022-22942)

Vulnerability from cvelistv5 – Published: 2023-12-13 08:16 – Updated: 2024-08-03 03:28

Summary

The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Privilege escalation

Assigner

vmware

References

URL

Tags

	https://github.com/vmware/photon/wiki/Security-Up…
	https://github.com/vmware/photon/wiki/Security-Up…
	https://www.openwall.com/lists/oss-security/2022/…

Impacted products

	Vendor	Product	Version
	n/a	Photon OS	Affected: 3.0, 4.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:28:42.652Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/vmware/photon/wiki/Security-Update-3.0-356"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/vmware/photon/wiki/Security-Update-4.0-148"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2022/01/27/4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Photon OS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "3.0, 4.0"
            }
          ]
        }
      ],
      "datePublic": "2022-01-27T07:06:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling \u0027file\u0027 pointer."
            }
          ],
          "value": "The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling \u0027file\u0027 pointer."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege escalation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-13T08:17:05.068Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://github.com/vmware/photon/wiki/Security-Update-3.0-356"
        },
        {
          "url": "https://github.com/vmware/photon/wiki/Security-Update-4.0-148"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2022/01/27/4"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-22942",
    "datePublished": "2023-12-13T08:16:34.363Z",
    "dateReserved": "2022-01-10T15:34:55.706Z",
    "dateUpdated": "2024-08-03T03:28:42.652Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0516 (GCVE-0-2022-0516)

Vulnerability from cvelistv5 – Published: 2022-03-08 14:06 – Updated: 2024-08-02 23:32

Summary

A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.

Severity ?

No CVSS data available.

CWE

CWE-200

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=2050237	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
	https://www.debian.org/security/2022/dsa-5092	vendor-advisoryx_refsource_DEBIAN
	https://security.netapp.com/advisory/ntap-2022033…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	kernel	Affected: Linux kernel versions prior to 5.17-rc4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:32:46.029Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050237"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=09a93c1df3eafa43bcdfd7bf837c574911f12f55"
          },
          {
            "name": "DSA-5092",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5092"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220331-0009/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux kernel versions prior to 5.17-rc4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-31T08:06:17",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050237"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=09a93c1df3eafa43bcdfd7bf837c574911f12f55"
        },
        {
          "name": "DSA-5092",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5092"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220331-0009/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2022-0516",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Linux kernel versions prior to 5.17-rc4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2050237",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2050237"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=09a93c1df3eafa43bcdfd7bf837c574911f12f55",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=09a93c1df3eafa43bcdfd7bf837c574911f12f55"
            },
            {
              "name": "DSA-5092",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5092"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220331-0009/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220331-0009/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-0516",
    "datePublished": "2022-03-08T14:06:13",
    "dateReserved": "2022-02-07T00:00:00",
    "dateUpdated": "2024-08-02T23:32:46.029Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0330 (GCVE-0-2022-0330)

Vulnerability from cvelistv5 – Published: 2022-03-25 00:00 – Updated: 2024-08-02 23:25

Summary

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.

Severity ?

No CVSS data available.

CWE

CWE-281

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=2042404
	https://www.openwall.com/lists/oss-security/2022/…
	https://security.netapp.com/advisory/ntap-2022052…
	http://www.openwall.com/lists/oss-security/2022/11/30/1	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	kernel	Affected: kernel 5.17-rc2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:25:40.079Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042404"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2022/01/25/12"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220526-0001/"
          },
          {
            "name": "[oss-security] 20221130 Security sensitive bug in the i915 kernel driver (CVE-2022-4139)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/11/30/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "kernel 5.17-rc2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A random memory access flaw was found in the Linux kernel\u0027s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-281",
              "description": "CWE-281",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-30T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042404"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2022/01/25/12"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220526-0001/"
        },
        {
          "name": "[oss-security] 20221130 Security sensitive bug in the i915 kernel driver (CVE-2022-4139)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/11/30/1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-0330",
    "datePublished": "2022-03-25T00:00:00",
    "dateReserved": "2022-01-21T00:00:00",
    "dateUpdated": "2024-08-02T23:25:40.079Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0435 (GCVE-0-2022-0435)

Vulnerability from cvelistv5 – Published: 2022-03-25 00:00 – Updated: 2024-08-02 23:25

Summary

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.

Severity ?

No CVSS data available.

CWE

CWE-787

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=2048738
	https://www.openwall.com/lists/oss-security/2022/…
	https://security.netapp.com/advisory/ntap-2022060…

Impacted products

	Vendor	Product	Version
	n/a	kernel	Affected: kernel 5.17-rc4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:25:40.398Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048738"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2022/02/10/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220602-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "kernel 5.17-rc4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A stack overflow flaw was found in the Linux kernel\u0027s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048738"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2022/02/10/1"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220602-0001/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-0435",
    "datePublished": "2022-03-25T00:00:00",
    "dateReserved": "2022-01-31T00:00:00",
    "dateUpdated": "2024-08-02T23:25:40.398Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-4155 (GCVE-0-2021-4155)

Vulnerability from cvelistv5 – Published: 2022-08-24 15:10 – Updated: 2024-08-03 17:16

Summary

A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.

Severity ?

No CVSS data available.

CWE

CWE-131 - - Incorrect Calculation of Buffer Size

Assigner

redhat

References

URL

Tags

	https://www.openwall.com/lists/oss-security/2022/…	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=2034813	x_refsource_MISC
	https://access.redhat.com/security/cve/CVE-2021-4155	x_refsource_MISC
	https://security-tracker.debian.org/tracker/CVE-2…	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	kernel	Affected: Fixed in Kernel v5.16

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:16:04.255Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2022/01/10/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034813"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2021-4155"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2021-4155"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in Kernel v5.16"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-131",
              "description": "CWE-131 - Incorrect Calculation of Buffer Size",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-24T15:10:19",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2022/01/10/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034813"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2021-4155"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2021-4155"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-4155",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in Kernel v5.16"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-131 - Incorrect Calculation of Buffer Size"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openwall.com/lists/oss-security/2022/01/10/1",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2022/01/10/1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2034813",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034813"
            },
            {
              "name": "https://access.redhat.com/security/cve/CVE-2021-4155",
              "refsource": "MISC",
              "url": "https://access.redhat.com/security/cve/CVE-2021-4155"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2021-4155",
              "refsource": "MISC",
              "url": "https://security-tracker.debian.org/tracker/CVE-2021-4155"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-4155",
    "datePublished": "2022-08-24T15:10:19",
    "dateReserved": "2021-12-22T00:00:00",
    "dateUpdated": "2024-08-03T17:16:04.255Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0847 (GCVE-0-2022-0847)

Vulnerability from cvelistv5 – Published: 2022-03-07 00:00 – Updated: 2025-10-21 23:15

Summary

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-665 - >CWE-281

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=2060795
	https://dirtypipe.cm4all.com/
	http://packetstormsecurity.com/files/166230/Dirty…
	http://packetstormsecurity.com/files/166229/Dirty…
	http://packetstormsecurity.com/files/166258/Dirty…
	https://www.suse.com/support/kb/doc/?id=000020603
	https://security.netapp.com/advisory/ntap-2022032…
	https://cert-portal.siemens.com/productcert/pdf/s…
	https://psirt.global.sonicwall.com/vuln-detail/SN…
	http://packetstormsecurity.com/files/176534/Linux…

Impacted products

	Vendor	Product	Version
	n/a	kernel	Affected: Linux Kernel 5.17 rc6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:40:04.513Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060795"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://dirtypipe.cm4all.com/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/166230/Dirty-Pipe-SUID-Binary-Hijack-Privilege-Escalation.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/166229/Dirty-Pipe-Linux-Privilege-Escalation.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/166258/Dirty-Pipe-Local-Privilege-Escalation.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.suse.com/support/kb/doc/?id=000020603"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220325-0005/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/176534/Linux-4.20-KTLS-Read-Only-Write.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-0847",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T18:38:16.058756Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-04-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0847"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:15:44.668Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0847"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-04-25T00:00:00+00:00",
            "value": "CVE-2022-0847 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux Kernel 5.17 rc6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the way the \"flags\" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-665",
              "description": "CWE-665-\u003eCWE-281",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-12T16:06:14.073Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060795"
        },
        {
          "url": "https://dirtypipe.cm4all.com/"
        },
        {
          "url": "http://packetstormsecurity.com/files/166230/Dirty-Pipe-SUID-Binary-Hijack-Privilege-Escalation.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/166229/Dirty-Pipe-Linux-Privilege-Escalation.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/166258/Dirty-Pipe-Local-Privilege-Escalation.html"
        },
        {
          "url": "https://www.suse.com/support/kb/doc/?id=000020603"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220325-0005/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"
        },
        {
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0015"
        },
        {
          "url": "http://packetstormsecurity.com/files/176534/Linux-4.20-KTLS-Read-Only-Write.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-0847",
    "datePublished": "2022-03-07T00:00:00.000Z",
    "dateReserved": "2022-03-03T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:15:44.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-4083 (GCVE-0-2021-4083)

Vulnerability from cvelistv5 – Published: 2022-01-18 16:51 – Updated: 2024-08-03 17:16

Summary

A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4.

Severity ?

No CVSS data available.

CWE

CWE-416

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=2029923	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST
	https://www.debian.org/security/2022/dsa-5096	vendor-advisoryx_refsource_DEBIAN
	https://www.oracle.com/security-alerts/cpujul2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-2022021…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	kernel	Affected: kernel 5.16-rc4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:16:03.848Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029923"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=054aa8d439b9"
          },
          {
            "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
          },
          {
            "name": "DSA-5096",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5096"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220217-0005/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "kernel 5.16-rc4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A read-after-free memory flaw was found in the Linux kernel\u0027s garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:42:48",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029923"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=054aa8d439b9"
        },
        {
          "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
        },
        {
          "name": "DSA-5096",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5096"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220217-0005/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-4083",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "kernel 5.16-rc4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A read-after-free memory flaw was found in the Linux kernel\u0027s garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2029923",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029923"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=054aa8d439b9",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=054aa8d439b9"
            },
            {
              "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
            },
            {
              "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
            },
            {
              "name": "DSA-5096",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5096"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220217-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220217-0005/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-4083",
    "datePublished": "2022-01-18T16:51:46",
    "dateReserved": "2021-12-09T00:00:00",
    "dateUpdated": "2024-08-03T17:16:03.848Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-4028 (GCVE-0-2021-4028)

Vulnerability from cvelistv5 – Published: 2022-08-24 00:00 – Updated: 2024-08-03 17:16

Summary

A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.

Severity ?

No CVSS data available.

CWE

CWE-416 - - Use After Free

Assigner

redhat

References

URL

Tags

	https://lkml.org/lkml/2021/10/4/697
	https://git.kernel.org/pub/scm/linux/kernel/git/t…
	https://bugzilla.redhat.com/show_bug.cgi?id=2027201
	https://access.redhat.com/security/cve/CVE-2021-4028
	https://bugzilla.suse.com/show_bug.cgi?id=1193167#c0
	https://security.netapp.com/advisory/ntap-2022122…

Impacted products

	Vendor	Product	Version
	n/a	kernel	Affected: Fixed in kernel 5.15-rc1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:16:04.248Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lkml.org/lkml/2021/10/4/697"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc0bdc5afaa74"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027201"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2021-4028"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1193167#c0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221228-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in kernel 5.15-rc1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw in the Linux kernel\u0027s implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 - Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-28T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://lkml.org/lkml/2021/10/4/697"
        },
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc0bdc5afaa74"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027201"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2021-4028"
        },
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1193167#c0"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221228-0002/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-4028",
    "datePublished": "2022-08-24T00:00:00",
    "dateReserved": "2021-11-29T00:00:00",
    "dateUpdated": "2024-08-03T17:16:04.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0492 (GCVE-0-2022-0492)

Vulnerability from cvelistv5 – Published: 2022-03-03 00:00 – Updated: 2024-08-02 23:32

Summary

A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

Severity ?

No CVSS data available.

CWE

CWE-287

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=2051505
	https://git.kernel.org/pub/scm/linux/kernel/git/t…
	https://lists.debian.org/debian-lts-announce/2022…	mailing-list
	https://lists.debian.org/debian-lts-announce/2022…	mailing-list
	https://www.debian.org/security/2022/dsa-5095	vendor-advisory
	https://www.debian.org/security/2022/dsa-5096	vendor-advisory
	http://packetstormsecurity.com/files/166444/Kerne…
	https://security.netapp.com/advisory/ntap-2022041…
	http://packetstormsecurity.com/files/167386/Kerne…
	http://packetstormsecurity.com/files/176099/Docke…

Impacted products

	Vendor	Product	Version
	n/a	kernel	Affected: kernel 5.17 rc3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:32:45.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051505"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af"
          },
          {
            "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
          },
          {
            "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
          },
          {
            "name": "DSA-5095",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5095"
          },
          {
            "name": "DSA-5096",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5096"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220419-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "kernel 5.17 rc3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in the Linux kernel\u2019s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-07T15:06:18.421771",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051505"
        },
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af"
        },
        {
          "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
        },
        {
          "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
        },
        {
          "name": "DSA-5095",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5095"
        },
        {
          "name": "DSA-5096",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5096"
        },
        {
          "url": "http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220419-0002/"
        },
        {
          "url": "http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/176099/Docker-cgroups-Container-Escape.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-0492",
    "datePublished": "2022-03-03T00:00:00",
    "dateReserved": "2022-02-04T00:00:00",
    "dateUpdated": "2024-08-02T23:32:45.292Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2022-AVI-238

Solution

CVE-2021-0920 (GCVE-0-2021-0920)

CVE-2020-0466 (GCVE-0-2020-0466)

CVE-2021-4154 (GCVE-0-2021-4154)

CVE-2022-22942 (GCVE-0-2022-22942)

CVE-2022-0516 (GCVE-0-2022-0516)

CVE-2022-0330 (GCVE-0-2022-0330)

CVE-2022-0435 (GCVE-0-2022-0435)

CVE-2021-4155 (GCVE-0-2021-4155)

CVE-2022-0847 (GCVE-0-2022-0847)

CVE-2021-4083 (GCVE-0-2021-4083)

CVE-2021-4028 (GCVE-0-2021-4028)

CVE-2022-0492 (GCVE-0-2022-0492)

Tags

Sightings

Nomenclature