Canonical Linux software

A vulnerability was found in networkd-dispatcher

CVE-2022-29799 5.5 - Medium - September 21, 2022

A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the /etc/networkd-dispatcher base directory.

Directory traversal

A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher

CVE-2022-29800 4.7 - Medium - September 21, 2022

A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.

TOCTTOU

A vulnerability was found in networkd-dispatcher

CVE-2022-29799 5.5 - Medium - September 21, 2022

A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the /etc/networkd-dispatcher base directory.

Directory traversal

A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher

CVE-2022-29800 4.7 - Medium - September 21, 2022

A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.

TOCTTOU

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak

CVE-2022-38178 7.5 - High - September 21, 2022

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

Improper Verification of Cryptographic Signature

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak

CVE-2022-38177 7.5 - High - September 21, 2022

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

Improper Verification of Cryptographic Signature

By sending specific queries to the resolver, an attacker

CVE-2022-3080 7.5 - High - September 21, 2022

By sending specific queries to the resolver, an attacker can cause named to crash.

Injection

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources

CVE-2022-2906 7.5 - High - September 21, 2022

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.

Memory Leak

The underlying bug might cause read past end of the buffer and either read memory it should not read

CVE-2022-2881 8.2 - High - September 21, 2022

The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.

Out-of-bounds Read

By flooding the target resolver with queries exploiting this flaw an attacker

CVE-2022-2795 7.5 - High - September 21, 2022

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

Resource Exhaustion

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak

CVE-2022-38177 7.5 - High - September 21, 2022

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

Improper Verification of Cryptographic Signature

By flooding the target resolver with queries exploiting this flaw an attacker

CVE-2022-2795 7.5 - High - September 21, 2022

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

Resource Exhaustion

A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel

CVE-2022-3202 7.1 - High - September 14, 2022

A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information.

NULL Pointer Dereference

A flaw was found in the Linux kernels driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices

CVE-2022-2964 7.8 - High - September 09, 2022

A flaw was found in the Linux kernels driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.

Memory Corruption

A use-after-free vulnerability was found in systemd

CVE-2022-2526 9.8 - Critical - September 09, 2022

A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.

Dangling pointer

A use-after-free vulnerability was found in systemd

CVE-2022-2526 9.8 - Critical - September 09, 2022

A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.

Dangling pointer

A stack-based buffer overflow flaw was found in the Fribidi package

CVE-2022-25308 7.8 - High - September 06, 2022

A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.

Memory Corruption

A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file

CVE-2022-25309 5.5 - Medium - September 06, 2022

A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.

Memory Corruption

A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file

CVE-2022-25310 5.5 - Medium - September 06, 2022

A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.

An authorization flaw was found in openstack-barbican

CVE-2022-23451 8.1 - High - September 06, 2022

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.

AuthZ

A stack-based buffer overflow flaw was found in the Fribidi package

CVE-2022-25308 7.8 - High - September 06, 2022

A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.

Memory Corruption

A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file

CVE-2022-25309 5.5 - Medium - September 06, 2022

A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.

Memory Corruption

A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file

CVE-2022-25310 5.5 - Medium - September 06, 2022

A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.

BlueZ before 5.59 allows physically proximate attackers to cause a denial of service

CVE-2022-39177 8.8 - High - September 02, 2022

BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.

BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information

CVE-2022-39176 8.8 - High - September 02, 2022

BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges

CVE-2022-1729 7 - High - September 01, 2022

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.

Race Condition

An integer coercion error was found in the openvswitch kernel module

CVE-2022-2639 7.8 - High - September 01, 2022

An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Memory Corruption

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges

CVE-2022-1729 7 - High - September 01, 2022

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.

Race Condition

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges

CVE-2022-1729 7 - High - September 01, 2022

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.

Race Condition

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges

CVE-2022-1729 7 - High - September 01, 2022

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.

Race Condition

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges

CVE-2022-1729 7 - High - September 01, 2022

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.

Race Condition

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges

CVE-2022-1729 7 - High - September 01, 2022

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.

Race Condition

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges

CVE-2022-1729 7 - High - September 01, 2022

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.

Race Condition

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges

CVE-2022-1729 7 - High - September 01, 2022

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.

Race Condition

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges

CVE-2022-1729 7 - High - September 01, 2022

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.

Race Condition

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges

CVE-2022-1729 7 - High - September 01, 2022

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.

Race Condition

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges

CVE-2022-1729 7 - High - September 01, 2022

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.

Race Condition

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container

CVE-2022-23452 4.9 - Medium - September 01, 2022

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.

AuthZ

In SQlite 3.31.1

CVE-2020-35525 7.5 - High - September 01, 2022

In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.

NULL Pointer Dereference

In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views

CVE-2020-35527 9.8 - Critical - September 01, 2022

In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.

Buffer Overflow

In SQlite 3.31.1

CVE-2020-35525 7.5 - High - September 01, 2022

In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.

NULL Pointer Dereference

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously

CVE-2022-3028 7 - High - August 31, 2022

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.

Race Condition

A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.

CVE-2020-35538 5.5 - Medium - August 31, 2022

A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.

NULL Pointer Dereference

A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function

CVE-2022-1355 6.1 - Medium - August 31, 2022

A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.

Buffer Overflow

A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function

CVE-2022-1354 5.5 - Medium - August 31, 2022

A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.

Memory Corruption

A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete

CVE-2022-1974 4.1 - Medium - August 31, 2022

A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.

Dangling pointer

There is a sleep-in-atomic bug in /net/nfc/netlink.c

CVE-2022-1975 5.5 - Medium - August 31, 2022

There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.

There is a sleep-in-atomic bug in /net/nfc/netlink.c

CVE-2022-1975 5.5 - Medium - August 31, 2022

There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.

A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete

CVE-2022-1974 4.1 - Medium - August 31, 2022

A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.

Dangling pointer

There is a sleep-in-atomic bug in /net/nfc/netlink.c

CVE-2022-1975 5.5 - Medium - August 31, 2022

There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.

There is a sleep-in-atomic bug in /net/nfc/netlink.c

CVE-2022-1975 5.5 - Medium - August 31, 2022

There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.

A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete

CVE-2022-1974 4.1 - Medium - August 31, 2022

A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.

Dangling pointer

There is a sleep-in-atomic bug in /net/nfc/netlink.c

CVE-2022-1975 5.5 - Medium - August 31, 2022

There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.

A NULL pointer dereference flaw was found in the Linux kernels Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol

CVE-2022-1205 4.7 - Medium - August 31, 2022

A NULL pointer dereference flaw was found in the Linux kernels Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.

NULL Pointer Dereference

A NULL pointer dereference flaw was found in the Linux kernels Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol

CVE-2022-1205 4.7 - Medium - August 31, 2022

A NULL pointer dereference flaw was found in the Linux kernels Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.

NULL Pointer Dereference

A NULL pointer dereference flaw was found in the Linux kernels Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol

CVE-2022-1205 4.7 - Medium - August 31, 2022

A NULL pointer dereference flaw was found in the Linux kernels Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.

NULL Pointer Dereference

A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete

CVE-2022-1974 4.1 - Medium - August 31, 2022

A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.

Dangling pointer

There is a sleep-in-atomic bug in /net/nfc/netlink.c

CVE-2022-1975 5.5 - Medium - August 31, 2022

There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.

A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete

CVE-2022-1974 4.1 - Medium - August 31, 2022

A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.

Dangling pointer

A NULL pointer dereference flaw was found in the Linux kernels Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol

CVE-2022-1205 4.7 - Medium - August 31, 2022

A NULL pointer dereference flaw was found in the Linux kernels Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.

NULL Pointer Dereference

A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled

CVE-2022-1263 5.5 - Medium - August 31, 2022

A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.

NULL Pointer Dereference

A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete

CVE-2022-1974 4.1 - Medium - August 31, 2022

A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.

Dangling pointer

A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux

CVE-2022-1198 5.5 - Medium - August 29, 2022

A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space.

Dangling pointer

A flaw was found in the Linux kernel

CVE-2022-1199 7.5 - High - August 29, 2022

A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.

NULL Pointer Dereference

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free

CVE-2022-1016 5.5 - Medium - August 29, 2022

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.

Dangling pointer

A use-after-free flaw was found in the Linux kernels Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol

CVE-2022-1204 5.5 - Medium - August 29, 2022

A use-after-free flaw was found in the Linux kernels Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.

Dangling pointer

A flaw was found in the Linux kernel

CVE-2022-1199 7.5 - High - August 29, 2022

A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.

NULL Pointer Dereference

A use-after-free flaw was found in the Linux kernels Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol

CVE-2022-1204 5.5 - Medium - August 29, 2022

A use-after-free flaw was found in the Linux kernels Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.

Dangling pointer

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation

CVE-2022-0358 7.8 - High - August 29, 2022

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.

Improper Check for Dropped Privileges

A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux

CVE-2022-1198 5.5 - Medium - August 29, 2022

A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space.

Dangling pointer

A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux

CVE-2022-1198 5.5 - Medium - August 29, 2022

A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space.

Dangling pointer

A flaw was found in the Linux kernel

CVE-2022-1199 7.5 - High - August 29, 2022

A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.

NULL Pointer Dereference

A use-after-free flaw was found in the Linux kernels Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol

CVE-2022-1204 5.5 - Medium - August 29, 2022

A use-after-free flaw was found in the Linux kernels Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.

Dangling pointer

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free

CVE-2022-1016 5.5 - Medium - August 29, 2022

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.

Dangling pointer

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free

CVE-2022-1016 5.5 - Medium - August 29, 2022

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.

Dangling pointer

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free

CVE-2022-1016 5.5 - Medium - August 29, 2022

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.

Dangling pointer

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free

CVE-2022-1016 5.5 - Medium - August 29, 2022

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.

Dangling pointer

A flaw was found in dpdk

CVE-2022-0669 6.5 - Medium - August 29, 2022

A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free

CVE-2022-1016 5.5 - Medium - August 29, 2022

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.

Dangling pointer

A use-after-free flaw was found in the Linux kernels Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol

CVE-2022-1204 5.5 - Medium - August 29, 2022

A use-after-free flaw was found in the Linux kernels Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.

Dangling pointer

A flaw was found in the Linux kernel

CVE-2022-1199 7.5 - High - August 29, 2022

A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.

NULL Pointer Dereference

A vulnerability was found in linux kernel, where an information leak occurs

CVE-2022-0850 7.1 - High - August 29, 2022

A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.

The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure

CVE-2022-0336 8.8 - High - August 29, 2022

The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.

Incorrect Default Permissions

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation

CVE-2022-0358 7.8 - High - August 29, 2022

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.

Improper Check for Dropped Privileges

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer)

CVE-2022-0175 5.5 - Medium - August 26, 2022

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.

Missing Initialization of Resource

A denial of service (DOS) issue was found in the Linux kernels smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return

CVE-2022-0168 4.4 - Medium - August 26, 2022

A denial of service (DOS) issue was found in the Linux kernels smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.

NULL Pointer Dereference

A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU

CVE-2021-3929 8.2 - High - August 25, 2022

A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.

Dangling pointer

An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize.c in Sqlite

CVE-2021-20223 9.8 - Critical - August 25, 2022

An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize.c in Sqlite. A unicode61 tokenizer configured to treat unicode "control-characters" (class Cc), was treating embedded nul characters as tokens. The issue was fixed in sqlite-3.34.0 and later.

A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring()

CVE-2022-2959 7 - High - August 25, 2022

A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.

Race Condition

A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring()

CVE-2022-2959 7 - High - August 25, 2022

A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.

Race Condition

A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring()

CVE-2022-2959 7 - High - August 25, 2022

A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.

Race Condition

A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring()

CVE-2022-2959 7 - High - August 25, 2022

A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.

Race Condition

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer)

CVE-2022-0135 7.8 - High - August 25, 2022

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.

Memory Corruption

A flaw was found in glibc

CVE-2021-3999 7.8 - High - August 24, 2022

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

off-by-five

A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size

CVE-2021-4155 5.5 - Medium - August 24, 2022

A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.

Incorrect Calculation of Buffer Size

A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size

CVE-2021-4155 5.5 - Medium - August 24, 2022

A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.

Incorrect Calculation of Buffer Size

A flaw was found in glibc

CVE-2021-3999 7.8 - High - August 24, 2022

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

off-by-five

A flaw was found in glibc

CVE-2021-3998 7.5 - High - August 24, 2022

A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.

Unchecked Return Value

A NULL pointer dereference issue was found in the ACPI code of QEMU

CVE-2021-4158 6 - Medium - August 24, 2022

A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

NULL Pointer Dereference

A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size

CVE-2021-4155 5.5 - Medium - August 24, 2022

A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.

Incorrect Calculation of Buffer Size