CVE-2022-1263
Published 2022-08-31
Medium 5.5 (CVSS 3.1)
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 5.17.3-1 (bookworm) | linux 5.17.3-1 (bookworm) |
| github.com | flipped-aurora_gin-vue-admin_server | >= 0 < 2.5.4 | 2.5.4 |
| linux | linux_kernel | < 5.18 | 5.18 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.17.3-1 | 5.17.3-1 |
| linux | linux_kernel | >= 0 < 5.17.3-1 | 5.17.3-1 |
| linux | linux_kernel | >= 0 < 5.17.3-1 | 5.17.3-1 |
| linux | linux_kernel | >= 0 < 5.15.0-37.39 | 5.15.0-37.39 |
| msrc | cbl2_kernel_5.15.67.1-4_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_kernel_5.10.144.1-1_on_cbl_mariner_1.0 | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvd: v3.1, 5.5 MEDIUM, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv: 5.5 MEDIUM
Microsoft
vendor_msrc·2022-08-09·CVSS 5.5
CVE-2022-1263 [MEDIUM] CWE-476
A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls causing a kernel oops condition that results in a denial of service.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2022-06-08·CVSS 4.4
CVE-2022-1671 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Linux kernel did not properly restrict access to
the kernel debugger when booted in secure boot environments. A privileged
attacker could use this to bypass UEFI Secure Boot restrictions.
(CVE-2022-21499)
Aaron Adams discovered that the netfilter subsystem in the Linux kernel did
not properly handle the removal of stateful expressions in some situations,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-1966)
Billy Jheng Bing Jhong discovered that the CIFS network file system
implementation in the Linux kernel did not properly validate arguments to
ioctl()
Red Hat
kernel: KVM: NULL pointer dereference in kvm_dirty_ring_push in virt/kvm/dirty_ring.c
vendor_redhat·2022-04-07·CVSS 5.5
CVE-2022-1263 [MEDIUM] CWE-476 kernel: KVM: NULL pointer dereference in kvm_dirty_ring_push in virt/kvm/dirty_ring.c
A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.
Statement: Red Hat Enterprise Linux 6 and 7 did not provide support for KVM dirty ring and therefore are not affected by this issue.
Package: kernel (Red Hat Enterprise Linux 6) -
Debian
CVE-2022-1263: linux - A NULL pointer dereference issue was found in KVM when releasing a vCPU with dir...
vendor_debian·2022·CVSS 5.5
CVE-2022-1263 [MEDIUM] CVE-2022-1263: linux - A NULL pointer dereference issue was found in KVM when releasing a vCPU with dir...
A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.
Scope: local
bookworm: resolved (fixed in 5.17.3-1)
bullseye: resolved
forky: resolved (fixed in 5.17.3-1)
sid: resolved (fixed in 5.17.3-1)
trixie: resolved (fixed in 5.17.3-1)
GHSA
Gin-vue-admin subject to Remote Code Execution via file upload vulnerability
ghsa·2022-10-25
CVE-2022-39345 [CRITICAL] CWE-22 Gin-vue-admin subject to Remote Code Execution via file upload vulnerability
### Impact
Gin-vue-admin < 2.5.4 has file upload vulnerabilities.
File upload vulnerabilities are when a web server allows users to upload files to its filesystem without sufficiently validating things like their name, type, contents, or size. Failing to properly enforce restrictions on these could mean that even a basic image upload function can be used to upload arbitrary and potentially dangerous files instead. This could even include server-side script files that enable remote code execution.
### Patches
https://github.com/flipped-aurora/gin-vue-admin/pull/1264
### Workarounds
https://github.com/flipped-aurora/gin-vue-admin/pull/1264
### References
#1263
### For more information
The plugin installation
GHSA
GHSA-wcwj-rgxv-c28p: A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled
ghsa_unreviewed·2022-09-01
CVE-2022-1263 [MEDIUM] CWE-476 GHSA-wcwj-rgxv-c28p: A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled
A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.
OSV
CVE-2022-1263: A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled
osv·2022-08-31·CVSS 5.5
CVE-2022-1263 [MEDIUM] CVE-2022-1263: A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled
A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.
OSV
linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi vulnerabilities
osv·2022-06-08·CVSS 4.4
CVE-2022-21499 [MEDIUM] linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi vulnerabilities
It was discovered that the Linux kernel did not properly restrict access to
the kernel debugger when booted in secure boot environments. A privileged
attacker could use this to bypass UEFI Secure Boot restrictions.
(CVE-2022-21499)
Aaron Adams discovered that the netfilter subsystem in the Linux kernel did
not properly handle the removal of stateful expressions in some situations,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-1966)
Billy Jheng Bing Jhong discovered that the CIFS network file system
implementation in the Linux ke
No detection rules found.
No public exploits indexed.
https://access.redhat.com/security/cve/CVE-2022-1263
https://bugzilla.redhat.com/show_bug.cgi?id=2072698
https://github.com/torvalds/linux/commit/5593473a1e6c743764b08e3b6071cb43b5cfa6c4
https://www.openwall.com/lists/oss-security/2022/04/07/1