CVE-2022-2905
Published: 2022-09-09
Medium · 5.5 · CVSS 3.1
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 5.19.6-1 (bookworm) | linux 5.19.6-1 (bookworm) |
| linux | linux_kernel | < 6.0 | 6.0 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.140-1 | 5.10.140-1 |
| linux | linux_kernel | >= 0 < 5.19.6-1 | 5.19.6-1 |
| linux | linux_kernel | >= 0 < 5.19.6-1 | 5.19.6-1 |
| linux | linux_kernel | >= 0 < 5.19.6-1 | 5.19.6-1 |
| linux | linux_kernel | >= 0 < 5.15.0-53.59 | 5.15.0-53.59 |
| msrc | cbl2_kernel_5.15.70.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_kernel_5.10.144.1-1_on_cbl_mariner_1.0 | — | — |
| redhat | enterprise_linux | — | — |
| ubuntu | linux-gcp-5.15 | — | — |
| ubuntu | linux-gke-5.15 | — | — |
| ubuntu | linux-intel-iotg | — | — |
| ubuntu | linux-raspi | — | — |
CVSS provenance
nvd · v3.1 · 5.5 MEDIUM · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv · 7.0 HIGH
VulDB
Linux Kernel BPF Subsystem bpf_tail_call out-of-bounds (EUVD-2022-35133 / Nessus ID 236648)
vuldb·2026-05-28·CVSS 5.5
CVE-2022-2905 [MEDIUM] Linux Kernel BPF Subsystem bpf_tail_call out-of-bounds (EUVD-2022-35133 / Nessus ID 236648)
A vulnerability labeled as problematic has been found in Linux Kernel. Affected by this issue is the function bpf_tail_call of the component BPF Subsystem. The manipulation results in out-of-bounds read.
This vulnerability is identified as CVE-2022-2905. The attack is only possible with local access. There is not any exploit available.
Applying a patch is advised to resolve this issue.
OSV
linux-gcp-5.15, linux-gke-5.15, linux-intel-iotg, linux-raspi vulnerabilities
osv·2022-11-18·CVSS 7.0
CVE-2022-20422 [HIGH] linux-gcp-5.15, linux-gke-5.15, linux-intel-iotg, linux-raspi vulnerabilities
It was discovered that a race condition existed in the instruction emulator
of the Linux kernel on Arm 64-bit systems. A local attacker could use this
to cause a denial of service (system crash). (CVE-2022-20422)
Hsin-Wei Hung discovered that the BPF subsystem in the Linux kernel
contained an out-of-bounds read vulnerability in the x86 JIT compiler. A
local attacker could possibly use this to cause a denial of service (system
crash) or expose sensitive information (kernel memory). (CVE-2022-2905)
Hao Sun and Jiacheng Xu discovered that the NILFS file system
implementation in the Linux kernel contained a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or
OSV
linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, lin
osv·2022-11-17·CVSS 7.0
CVE-2022-20422 [HIGH] linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, lin
linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15 vulnerabilities
It was discovered that a race condition existed in the instruction emulator
of the Linux kernel on Arm 64-bit systems. A local attacker could use this
to cause a denial of service (system crash). (CVE-2022-20422)
Hsin-Wei Hung discovered that the BPF subsystem in the Linux kernel
contained an out-of-bounds read vulnerability in the x86 JIT compiler. A
local attacker could possibly use this to cause a denial of service (system
crash) or expose sensitive information (kernel memory). (CVE-2022-2905)
Hao Sun and Jiacheng Xu discovered that the NILFS file system
im
OSV
CVE-2022-2905: An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than
osv·2022-09-09·CVSS 5.5
CVE-2022-2905 [MEDIUM] CVE-2022-2905: An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than
An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.
CISA ICS
Siemens SIMATIC S7-1500 TM MFP BIOS
cisa_ics·2023-06-15·CVSS 5.9
[MEDIUM] Siemens SIMATIC S7-1500 TM MFP BIOS
ICS Advisory
## Siemens SIMATIC S7-1500 TM MFP BIOS
Release Date: June 15, 2023
Alert Code: ICSA-23-166-10
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely / low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1500 TM MFP
- Vulnerabilities: Improper Input Validation, Out-of-bounds Read, Use After Free, Out-of-bounds Write, Infinite Loop, Reachable Assertion, Off-by-one Error, Incorrect Default Permissions, Double Fr
CISA ICS
Siemens SIMATIC S7-1500 TM MFP Linux Kernel
cisa_ics·2023-06-15·CVSS 5.5
[MEDIUM] Siemens SIMATIC S7-1500 TM MFP Linux Kernel
ICS Advisory
## Siemens SIMATIC S7-1500 TM MFP Linux Kernel
Release Date: June 15, 2023
Alert Code: ICSA-23-166-11
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely / low attack complexity / public exploits available
- Vendor: Siemens ProductCERT
- Equipment: SIMATIC S7-1500 TM MFP
- Vulnerabilities: Multiple vulnerabilities
## 2. RISK EVALUATION
Exploitation of these vulnerabilities could lead to denial-of-service, crashing t
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2022-11-18·CVSS 7.0
CVE-2022-3028 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that a race condition existed in the instruction emulator
of the Linux kernel on Arm 64-bit systems. A local attacker could use this
to cause a denial of service (system crash). (CVE-2022-20422)
Hsin-Wei Hung discovered that the BPF subsystem in the Linux kernel
contained an out-of-bounds read vulnerability in the x86 JIT compiler. A
local attacker could possibly use this to cause a denial of service (system
crash) or expose sensitive information (kernel memory). (CVE-2022-2905)
Hao Sun and Jiacheng Xu discovered that the NILFS file system
implementation in the Linux kernel contained a use-after-free
vulnerability. A local attacker could use this to cause a denial of s
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2022-11-17·CVSS 7.0
CVE-2022-3028 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that a race condition existed in the instruction emulator
of the Linux kernel on Arm 64-bit systems. A local attacker could use this
to cause a denial of service (system crash). (CVE-2022-20422)
Hsin-Wei Hung discovered that the BPF subsystem in the Linux kernel
contained an out-of-bounds read vulnerability in the x86 JIT compiler. A
local attacker could possibly use this to cause a denial of service (system
crash) or expose sensitive information (kernel memory). (CVE-2022-2905)
Hao Sun and Jiacheng Xu discovered that the NILFS file system
implementation in the Linux kernel contained a use-after-free
vulnerability. A local attacker could use this to cause a denial of s
Microsoft
An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a loc
vendor_msrc·2022-09-13·CVSS 5.5
CVE-2022-2905 [MEDIUM] CWE-125 An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a loc
An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additiona
Red Hat
kernel: slab-out-of-bound read in bpf
vendor_redhat·2022-08-26·CVSS 5.5
CVE-2022-2905 [MEDIUM] CWE-125 kernel: slab-out-of-bound read in bpf
An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.
Statement: The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl.
This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its att
Debian
CVE-2022-2905: linux - An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem ...
vendor_debian·2022·CVSS 5.5
CVE-2022-2905 [MEDIUM] CVE-2022-2905: linux - An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem ...
An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.
Scope: local
bookworm: resolved (fixed in 5.19.6-1)
bullseye: resolved (fixed in 5.10.140-1)
forky: resolved (fixed in 5.19.6-1)
sid: resolved (fixed in 5.19.6-1)
trixie: resolved (fixed in 5.19.6-1)
No detection rules found.
No public exploits indexed.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2121800
https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
https://lore.kernel.org/bpf/984b37f9fdf7ac36831d2137415a4a915744c1b6.1661462653.git.daniel%40iogearbox.net/