CVE-2022-1652
published 2022-06-02CVE-2022-1652: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 5.17.11-1 (bookworm) | linux 5.17.11-1 (bookworm) |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.120-1 | 5.10.120-1 |
| linux | linux_kernel | >= 0 < 5.17.11-1 | 5.17.11-1 |
| linux | linux_kernel | >= 0 < 5.17.11-1 | 5.17.11-1 |
| linux | linux_kernel | >= 0 < 5.17.11-1 | 5.17.11-1 |
| linux | linux_kernel | >= 0 < 4.15.0-191.202 | 4.15.0-191.202 |
| linux | linux_kernel | >= 0 < 5.4.0-124.140 | 5.4.0-124.140 |
| linux | linux_kernel | >= 0 < 5.15.0-43.46 | 5.15.0-43.46 |
| linux | linux_kernel | >= 0 < 4.4.0-229.263 | 4.4.0-229.263 |
| linux | linux_kernel | >= 2.6.12 < 4.9.316 | 4.9.316 |
| linux | linux_kernel | >= 4.10 < 4.14.281 | 4.14.281 |
| linux | linux_kernel | >= 4.15 < 4.19.245 | 4.19.245 |
| linux | linux_kernel | >= 4.20 < 5.4.196 | 5.4.196 |
| linux | linux_kernel | >= 5.11 < 5.15.42 | 5.15.42 |
| linux | linux_kernel | >= 5.16 < 5.17.10 | 5.17.10 |
| linux | linux_kernel | >= 5.5 < 5.10.118 | 5.10.118 |
| msrc | cbl2_kernel_5.15.55.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_kernel_5.10.131.1-1_on_cbl_mariner_1.0 | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH
cisa7.2HIGH
OSV
linux-azure-fde vulnerabilities
osv·2022-08-25·CVSS 4.4
CVE-2022-34918 [MEDIUM] linux-azure-fde vulnerabilities
linux-azure-fde vulnerabilities
Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel
did not properly perform data validation. A local attacker could use this
to escalate privileges in certain situations. (CVE-2022-34918)
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of s
OSV
linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-ibm, linux-kvm, linux-oracle, linux-raspi vulnerabilities
osv·2022-08-10·CVSS 7.8
CVE-2022-2588 [HIGH] linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-ibm, linux-kvm, linux-oracle, linux-raspi vulnerabilities
linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-ibm, linux-kvm, linux-oracle, linux-raspi vulnerabilities
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
It w
OSV
linux, linux-aws, linux-azure-4.15, linux-dell300x, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
osv·2022-08-10·CVSS 4.4
CVE-2022-2588 [MEDIUM] linux, linux-aws, linux-azure-4.15, linux-dell300x, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
linux, linux-aws, linux-azure-4.15, linux-dell300x, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
It was discovered that the block layer s
OSV
linux-intel-iotg vulnerabilities
osv·2022-08-10·CVSS 7.8
CVE-2022-2588 [HIGH] linux-intel-iotg vulnerabilities
linux-intel-iotg vulnerabilities
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
It was discovered that the implementation of POSIX timers in the Linux
kernel did not properly clean up timers in some situations. A local
attacker
OSV
linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle vulnerabilities
osv·2022-08-10·CVSS 4.4
CVE-2022-2588 [MEDIUM] linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle vulnerabilities
linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle vulnerabilities
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
It was discovered that the block layer subsystem in the Linux kernel did
not properly initialize memo
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.
osv·2022-08-10·CVSS 4.4
[MEDIUM] linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local a
OSV
linux, linux-hwe-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities
osv·2022-08-02·CVSS 7.8
CVE-2022-1679 [HIGH] linux, linux-hwe-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities
linux, linux-hwe-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities
It was discovered that the Atheros ath9k wireless device driver in the
Linux kernel did not properly handle some error conditions, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-1679)
Felix Fu discovered that the Sun RPC implementation in the Linux kernel did
not properly handle socket states, leading to a use-after-free
vulnerability. A remote attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2022-28893)
Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel
did not properly perform data validation. A local at
OSV
linux-oem-5.17 vulnerabilities
osv·2022-07-21·CVSS 7.8
CVE-2022-1679 [HIGH] linux-oem-5.17 vulnerabilities
linux-oem-5.17 vulnerabilities
It was discovered that the Atheros ath9k wireless device driver in the
Linux kernel did not properly handle some error conditions, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-1679)
Yongkang Jia discovered that the KVM hypervisor implementation in the Linux
kernel did not properly handle guest TLB mapping invalidation requests in
some situations. An attacker in a guest VM could use this to cause a denial
of service (system crash) in the host OS. (CVE-2022-1789)
Qiuhao Li, Gaoning Pan, and Yongkang Jia discovered that the KVM hypervisor
implementation in the Linux kernel did not properly handle an illegal
instruction in a guest, resulting
OSV
linux-aws vulnerabilities
osv·2022-07-13·CVSS 7.0
CVE-2021-3609 [HIGH] linux-aws vulnerabilities
linux-aws vulnerabilities
Norbert Slusarek discovered a race condition in the CAN BCM networking
protocol of the Linux kernel leading to multiple use-after-free
vulnerabilities. A local attacker could use this issue to execute arbitrary
code. (CVE-2021-3609)
Likang Luo discovered that a race condition existed in the Bluetooth
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2021-3752)
It was discovered that the NFC subsystem in the Linux kernel contained a
use-after-free vulnerability in its NFC Controller Interface (NCI)
implementation. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code.
OSV
linux-lts-xenial, linux-kvm vulnerabilities
osv·2022-07-07·CVSS 7.0
CVE-2021-3609 [HIGH] linux-lts-xenial, linux-kvm vulnerabilities
linux-lts-xenial, linux-kvm vulnerabilities
Norbert Slusarek discovered a race condition in the CAN BCM networking
protocol of the Linux kernel leading to multiple use-after-free
vulnerabilities. A local attacker could use this issue to execute arbitrary
code. (CVE-2021-3609)
Likang Luo discovered that a race condition existed in the Bluetooth
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2021-3752)
It was discovered that the NFC subsystem in the Linux kernel contained a
use-after-free vulnerability in its NFC Controller Interface (NCI)
implementation. A local attacker could possibly use this to cause a denial
of service (system crash) or execu
OSV
linux, linux-aws vulnerabilities
osv·2022-07-01·CVSS 7.8
CVE-2021-4197 [HIGH] linux, linux-aws vulnerabilities
linux, linux-aws vulnerabilities
Eric Biederman discovered that the cgroup process migration implementation
in the Linux kernel did not perform permission checks correctly in some
situations. A local attacker could possibly use this to gain administrative
privileges. (CVE-2021-4197)
Lin Ma discovered that the NFC Controller Interface (NCI) implementation in
the Linux kernel contained a race condition, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-4202)
It was discovered that the PF_KEYv2 implementation in the Linux kernel did
not properly initialize kernel memory in some situations. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-20
GHSA
GHSA-v7r6-6784-83g3: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr fun
ghsa_unreviewed·2022-06-03
CVE-2022-1652 [HIGH] CWE-416 GHSA-v7r6-6784-83g3: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr fun
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
OSV
CVE-2022-1652: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr fun
osv·2022-06-02·CVSS 7.8
CVE-2022-1652 [HIGH] CVE-2022-1652: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr fun
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CISA ICS
Siemens SCALANCE XCM332
cisa_ics·2023-04-13·CVSS 7.5
[HIGH] Siemens SCALANCE XCM332
ICS Advisory
##
Siemens SCALANCE XCM332
Release DateApril 13, 2023
Alert CodeICSA-23-103-09
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE XCM332
- Vulnerabilities: Allocation of Resources Without Limits or Throttling, Use After Free, Concurrent Execution Using Shared Resource with Improper Synchronization ('Race Condition'), Incorrect Default Permissions, Out-of-
CISA ICS
Siemens SCALANCE, RUGGEDCOM Third-Party
cisa_ics·2023-03-16
Siemens SCALANCE, RUGGEDCOM Third-Party
ICS Advisory
##
Siemens SCALANCE, RUGGEDCOM Third-Party
Release DateMarch 16, 2023
Alert CodeICSA-23-075-01
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/Low attack complexity
- Vendor: Siemens
- Equipment: Busybox Applet affecting SCALANCE and RUGGEDCOM products
- Vulnerabilities: Out-of-bounds Write, Exposure of Sensitive Information to an Unauthorized Actor, Improper Locking, Improper Input Validation, NULL Pointer Deref
Ubuntu
Linux kernel (Azure CVM) vulnerabilities
vendor_ubuntu·2022-08-25·CVSS 4.4
CVE-2022-1974 [MEDIUM] Linux kernel (Azure CVM) vulnerabilities
Title: Linux kernel (Azure CVM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel
did not properly perform data validation. A local attacker could use this
to escalate privileges in certain situations. (CVE-2022-34918)
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a us
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities
vendor_ubuntu·2022-08-10·CVSS 7.8
CVE-2022-1734 [HIGH] Linux kernel (Intel IoTG) vulnerabilities
Title: Linux kernel (Intel IoTG) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
It was discovered that the implementation of POSIX timers in the
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2022-08-10·CVSS 4.4
CVE-2022-1048 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
It was discovered that the block layer subsystem in the Linux kernel did
not p
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2022-08-10·CVSS 7.8
CVE-2022-2586 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
It was discovered that the implementation of POSIX timers in the Linux
kernel
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2022-08-10·CVSS 4.4
CVE-2022-1975 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
It was discovered that the block layer subsystem in the Linux kernel did
not p
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2022-08-10·CVSS 4.4
CVE-2022-1734 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Zhenpeng Lin discovered that the network packet scheduler implementation in
the Linux kernel did not properly remove all references to a route filter
before freeing it in some situations. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2588)
It was discovered that the netfilter subsystem of the Linux kernel did not
prevent one nft object from referencing an nft set in another nft table,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-2586)
It was discovered that the block layer subsystem in the Linux kernel did
not p
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2022-08-02·CVSS 7.8
CVE-2022-1679 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Atheros ath9k wireless device driver in the
Linux kernel did not properly handle some error conditions, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-1679)
Felix Fu discovered that the Sun RPC implementation in the Linux kernel did
not properly handle socket states, leading to a use-after-free
vulnerability. A remote attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2022-28893)
Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel
did not properly perform data val
Ubuntu
Linux kernel (OEM) vulnerabilities
vendor_ubuntu·2022-07-21·CVSS 7.8
CVE-2022-2078 [HIGH] Linux kernel (OEM) vulnerabilities
Title: Linux kernel (OEM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the Atheros ath9k wireless device driver in the
Linux kernel did not properly handle some error conditions, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-1679)
Yongkang Jia discovered that the KVM hypervisor implementation in the Linux
kernel did not properly handle guest TLB mapping invalidation requests in
some situations. An attacker in a guest VM could use this to cause a denial
of service (system crash) in the host OS. (CVE-2022-1789)
Qiuhao Li, Gaoning Pan, and Yongkang Jia discovered that the KVM hypervisor
implementation in the Linux
Ubuntu
Linux kernel (AWS) vulnerabilities
vendor_ubuntu·2022-07-13·CVSS 7.0
CVE-2022-21123 [HIGH] Linux kernel (AWS) vulnerabilities
Title: Linux kernel (AWS) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Norbert Slusarek discovered a race condition in the CAN BCM networking
protocol of the Linux kernel leading to multiple use-after-free
vulnerabilities. A local attacker could use this issue to execute arbitrary
code. (CVE-2021-3609)
Likang Luo discovered that a race condition existed in the Bluetooth
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2021-3752)
It was discovered that the NFC subsystem in the Linux kernel contained a
use-after-free vulnerability in its NFC Controller Interface (NCI)
implementation. A local attacker could possib
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2022-07-07·CVSS 7.0
CVE-2021-3752 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Norbert Slusarek discovered a race condition in the CAN BCM networking
protocol of the Linux kernel leading to multiple use-after-free
vulnerabilities. A local attacker could use this issue to execute arbitrary
code. (CVE-2021-3609)
Likang Luo discovered that a race condition existed in the Bluetooth
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2021-3752)
It was discovered that the NFC subsystem in the Linux kernel contained a
use-after-free vulnerability in its NFC Controller Interface (NCI)
implementation. A local attacker could possibly use
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2022-07-01·CVSS 7.8
CVE-2022-1652 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Eric Biederman discovered that the cgroup process migration implementation
in the Linux kernel did not perform permission checks correctly in some
situations. A local attacker could possibly use this to gain administrative
privileges. (CVE-2021-4197)
Lin Ma discovered that the NFC Controller Interface (NCI) implementation in
the Linux kernel contained a race condition, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-4202)
It was discovered that the PF_KEYv2 implementation in the Linux kernel did
not properly initialize kernel memory in some situations. A local attacker
co
Microsoft
Linux Kernel could allow a local attacker to execute arbitrary code on the system caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program an
vendor_msrc·2022-05-10·CVSS 7.8
CVE-2022-1652 [HIGH] CWE-416 Linux Kernel could allow a local attacker to execute arbitrary code on the system caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program an
Linux Kernel could allow a local attacker to execute arbitrary code on the system caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in
Red Hat
kernel: A concurrency use-after-free in floppy disk device driver.
vendor_redhat·2022-05-10·CVSS 7.8
CVE-2022-1652 [HIGH] CWE-416 kernel: A concurrency use-after-free in floppy disk device driver.
kernel: A concurrency use-after-free in floppy disk device driver.
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
A use-after-free flaw was found in the Linux kernel’s floppy driver implementation. This flaw allows a local attacker to possibly corrupt memory.
Mitigation: The floppy module will be auto-loaded when the hardware is present. Its loading can be prevented with the following instructions:
# echo "install floppy /bin/true" >> /etc/modprobe.d/disable-floppy.conf
The system will need to be restarted if the f
CISA
Cisco Small Business Routers Improper Input Validation Vulnerability
cisa·2022-03-03·CVSS 7.2
CVE-2019-1652 [HIGH] CWE-20 Cisco Small Business Routers Improper Input Validation Vulnerability
Vulnerability: Cisco Small Business Routers Improper Input Validation Vulnerability
Affected: Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-1652
Remediation Due Date: 2022-03-17
Debian
CVE-2022-1652: linux - Linux Kernel could allow a local attacker to execute arbitrary code on the syste...
vendor_debian·2022·CVSS 7.8
CVE-2022-1652 [HIGH] CVE-2022-1652: linux - Linux Kernel could allow a local attacker to execute arbitrary code on the syste...
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
Scope: local
bookworm: resolved (fixed in 5.17.11-1)
bullseye: resolved (fixed in 5.10.120-1)
forky: resolved (fixed in 5.17.11-1)
sid: resolved (fixed in 5.17.11-1)
trixie: resolved (fixed in 5.17.11-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.redhat.com/show_bug.cgi?id=1832397https://francozappa.github.io/about-bias/https://kb.cert.org/vuls/id/647177/https://security.netapp.com/advisory/ntap-20220722-0002/https://www.debian.org/security/2022/dsa-5173https://bugzilla.redhat.com/show_bug.cgi?id=1832397https://francozappa.github.io/about-bias/https://kb.cert.org/vuls/id/647177/https://security.netapp.com/advisory/ntap-20220722-0002/https://www.debian.org/security/2022/dsa-5173
2022-06-02
Published