USN-5789-1: Linux kernel (OEM) vulnerabilities

Read Time:2 Minute, 0 Second

It was discovered that the NFSD implementation in the Linux kernel did not
properly handle some RPC messages, leading to a buffer overflow. A remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-43945)

Jann Horn discovered that the Linux kernel did not properly track memory
allocations for anonymous VMA mappings in some situations, leading to
potential data structure reuse. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-42703)

Roger Pau Monné discovered that the Xen virtual block driver in the Linux
kernel did not properly initialize memory pages to be used for shared
communication with the backend. A local attacker could use this to expose
sensitive information (guest kernel memory). (CVE-2022-26365)

Jan Beulich discovered that the Xen network device frontend driver in the
Linux kernel incorrectly handled socket buffers (skb) references when
communicating with certain backends. A local attacker could use this to
cause a denial of service (guest crash). (CVE-2022-33743)

It was discovered that a memory leak existed in the IPv6 implementation of
the Linux kernel. A local attacker could use this to cause a denial of
service (memory exhaustion). (CVE-2022-3524)

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-3564)

It was discovered that the TCP implementation in the Linux kernel contained
a data race condition. An attacker could possibly use this to cause
undesired behaviors. (CVE-2022-3566)

It was discovered that the IPv6 implementation in the Linux kernel
contained a data race condition. An attacker could possibly use this to
cause undesired behaviors. (CVE-2022-3567)

It was discovered that the Realtek RTL8152 USB Ethernet adapter driver in
the Linux kernel did not properly handle certain error conditions. A local
attacker with physical access could plug in a specially crafted USB device
to cause a denial of service (memory exhaustion). (CVE-2022-3594)

It was discovered that a null pointer dereference existed in the NILFS2
file system implementation in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash). (CVE-2022-3621)

Cyber Security News

Visualize Change with an Out-of-the-Box Configuration Report

Planet Ice hacked! 240,000 skating fans’ details stolen

GitHub Confirms Signing Certificates Stolen in Cyber-Attack, Revokes Them

DocuSign Brand Impersonation Attack Bypasses Security Measures, Targets Over 10,000

Financial Services Targeted in 28% of UK Cyber-Attacks Last Year

IoT, connected devices biggest contributors to expanding application attack surface

Guardz debuts with cybersecurity-as-a-service for small businesses

Privacera connects to Dremio’s data lakehouse to aid data governance

Trulioo launches end-to-end identity platform

USN-5789-1: Linux kernel (OEM) vulnerabilities

CVE-2016-15023

USN-5836-1: Vim vulnerabilities

CVE-2020-20402

pesign-116-1.fc37

pesign-115-4.fc36

USN-5835-3: Nova vulnerability