USN-5791-1: Linux kernel vulnerabilities

Read Time:2 Minute, 5 Second

It was discovered that a race condition existed in the Android Binder IPC
subsystem in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-20421)

David Leadbeater discovered that the netfilter IRC protocol tracking
implementation in the Linux Kernel incorrectly handled certain message
payloads in some situations. A remote attacker could possibly use this to
cause a denial of service or bypass firewall filtering. (CVE-2022-2663)

It was discovered that the Intel 740 frame buffer driver in the Linux
kernel contained a divide by zero vulnerability. A local attacker could use
this to cause a denial of service (system crash). (CVE-2022-3061)

It was discovered that the sound subsystem in the Linux kernel contained a
race condition in some situations. A local attacker could use this to cause
a denial of service (system crash). (CVE-2022-3303)

Gwnaun Jung discovered that the SFB packet scheduling implementation in the
Linux kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-3586)

It was discovered that the NILFS2 file system implementation in the Linux
kernel did not properly deallocate memory in certain error conditions. An
attacker could use this to cause a denial of service (memory exhaustion).
(CVE-2022-3646)

Hyunwoo Kim discovered that an integer overflow vulnerability existed in
the PXA3xx graphics driver in the Linux kernel. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2022-39842)

It was discovered that a race condition existed in the EFI capsule loader
driver in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-40307)

Zheng Wang and Zhuorao Yang discovered that the RealTek RTL8712U wireless
driver in the Linux kernel contained a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-4095)

It was discovered that the USB monitoring (usbmon) component in the Linux
kernel did not properly set permissions on memory mapped in to user space
processes. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-43750)

Cyber Security News

Cybercriminals Hesitant About Using Generative AI

For want of a cyber nail the kingdom fell

Americans Receive Two Billion Spam Calls Per Month

CISA Warns Congress on Chemical Industry Terror Attacks

Securing the software supply chain webinar

Ukraine Police Dismantle Major Ransomware Group

Cybersecurity Incident Hits Fidelity National Financial

Beneath the Surface: How Hackers Turn NetSupport Against Users

SysJoker Malware: Hamas-Related Threat Expands With Rust Variant

USN-5791-1: Linux kernel vulnerabilities

firefox-flatpak-120.0-2

opendkim-2.11.0-0.36.el9

firefox-120.0-3.fc37

SEC Consult SA-20231123 :: Uninstall Key Caching in Fortra Digital Guardian Agent Uninstaller

SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro

Senec Inverters Home V1, V2, V3 Home & Hybrid Use of Hard-coded Credentials – CVE-2023-39169