Category Archives: Advisories

USN-5518-1: Linux kernel vulnerabilities

Read Time:1 Minute, 24 Second

It was discovered that the eBPF implementation in the Linux kernel did not
properly prevent writes to kernel objects in BPF_BTF_LOAD commands. A
privileged local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-0500)

It was discovered that the Marvell NFC device driver implementation in the
Linux kernel did not properly perform memory cleanup operations in some
situations, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system) or execute
arbitrary code. (CVE-2022-1734)

Yongkang Jia discovered that the KVM hypervisor implementation in the Linux
kernel did not properly handle guest TLB mapping invalidation requests in
some situations. An attacker in a guest VM could use this to cause a denial
of service in the host OS (system crash). (CVE-2022-1789)

Duoming Zhou discovered a race condition in the NFC subsystem in the Linux
kernel, leading to a use-after-free vulnerability. A privileged local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2022-1974)

Duoming Zhou discovered that the NFC subsystem in the Linux kernel did not
properly prevent context switches from occurring during certain atomic
context operations. A privileged local attacker could use this to cause a
denial of service (system crash). (CVE-2022-1975)

Minh Yuan discovered that the floppy driver in the Linux kernel contained a
race condition in some situations, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-33981)

Read More

USN-5517-1: Linux kernel (OEM) vulnerabilities

Read Time:27 Second

It was discovered that the Atheros ath9k wireless device driver in the
Linux kernel did not properly handle some error conditions, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-1679)

It was discovered that the virtio RPMSG bus driver in the Linux kernel
contained a double-free vulnerability in certain error conditions. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2022-34494)

Read More

Known Active Exploitation of Windows CSRSS Elevation of Privilege Vulnerability (CVE-2022-22047)

Read Time:1 Minute, 27 Second

FortiGuard Labs is aware of a newly reported and actively exploited zero day targeting Microsoft Windows and Windows Server (Windows CSRSS Elevation of Privilege Vulnerability). Assigned CVE-2022-22047, this vulnerability was discovered by Microsoft internally and credited to the Microsoft Security Response Center. As this vulnerability was disclosed by Microsoft, details surrounding this exploit are limited. Attackers successfully exploiting this vulnerability will gain SYSTEM privileges. Patches for this vulnerability were rolled out in this month’s July 2022 release, which addresses 84 known vulnerabilities.US-CERT (CISA) has added CVE-2022-22047 to its recently published Known Exploited Vulnerabilities Catalog. A link can be found in the APPENDIX section.Is this Being Exploited in the Wild?Yes. Microsoft has confirmed reports of active exploitation.How Serious of a Vulnerability is this?Medium. This is due to the vulnerability not being remotely exploitable and a patch being available.What is the CVSS score for this issue?7.8Is this Vulnerability Remotely Exploitable?No. This is a local vulnerability.How is this Vulnerability Actively Being Exploited if it is a Local Vulnerability?Although there is no further information on exploitation released by Microsoft, it can be surmised that an unknown remote code execution allowed for an attacker to perform lateral movement and escalate privileges on machines vulnerable to CVE-2022-22047, ultimately allowing for SYSTEM privileges.What Operating Systems are Affected?Microsoft Windows 7,8,10,11 and Microsoft Windows Server 2012 and 2008 versions are affected.Is there a Patch Available?Yes. A patch was included in this months Microsoft July 2022 update.What Protections are Available?Fortinet customers running the latest (IPS) definitions are currently protected against CVE-2022-22047 by the following signature:MS.Windows.CVE-2022-22047.Privilege.Elevation

Read More