New CVE entries this week
Masami Ichikawa
Hi!

It's this week's CVE report.

This week reported 6 new CVEs and 0 updated CVEs.

* New CVEs

CVE-2022-2639: openvswitch: fix OOB access in reserve_sfa_size()

CVSS v3 score is not assigned.

An OOB write bug was found in reserve_sfa_size() in the openvswitch subsystem. It will cause system crashes or potentially allow users to escalate their privileges on the system. This bug was fixed in the mainline, stable, and cip kernels.

Fixed status
cip/4.4-st: [25b37bbe34192188ae7f4b04a7bb857621b3a597]
mainline: [cefa91b2332d7009bc0be5d951d6cbbf349f90f8]
stable/4.14: [6cde4a87248e8d39fad5e5e72e104b6d74fcabef]
stable/4.19: [bbbf059337f9a74285c1cf088ff85ee92d149e64]
stable/4.9: [1aba176280dcd0eb08e291bc59ba6067df22af98]
stable/5.10: [0837ff17d052b7d755d5086208c3445867aaff82]
stable/5.15: [e411af98013dba5bce8118ee2b84bd1ad4c36b86]
stable/5.4: [aa70705560871725e963945a2d36ace7849c004e]

CVE-2022-2590: mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW

CVSS v3 score is not assigned.

This is a Dirty COW-like vulnerability in shmem/tmpfs that allows unprivileged users to modify read-only files. This bug was introduced by commit 9ae0f87d009c ("mm/shmem: unconditionally set pte dirty in mfill_atomic_install_pte"), which was merged in 5.16-rc1. If the kernel contains commit 9ae0f87d009c and is compiled with CONFIG_USERFAULTFD=y, the kernel is affected by this vulnerability.

Kernel 4.4, 4.9, 4.19, 5.4, 5.10, 1.15 did not contain commit 9ae0f87d009c so they are not affected.

Fixed status
Patch is available (https://lore.kernel.org/linux-mm/20220808073232.8808-1-david@redhat.com/) but hasn't been merged into the mainline yet.

CVE-2022-2585: Linux kernel POSIX CPU timer UAF

CVSS v3 score is not assigned.

A use-after-free bug was found in posix_cpu_timer when a non-leader thread calls execve(). This vulnerability may allow an attacker to escalate privileges.

Commit 55e8c8eb2c7b ("posix-cpu-timers: Store a reference to a pid not a task") isn't backported to the 4.4, 4.9, 4.14, 4.19, and 5.4 kernels, so they won't be affected.

Patch is available on https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u .

Fixed status
Patch is available but it hasn't been merged into the mainline yet.

CVE-2022-2586: Linux kernel nf_tables cross-table reference UAF

CVSS v3 score is not assigned.

A use-after-free vulnerability was found in nf_tables. This vulnerability may allow an attacker to escalate privileges. However, exploiting this vulnerability requires CAP_NET_ADMIN in user or netns.

This bug was introduced by commit 958bee14d071 ("netfilter: nf_tables: use new transaction infrastructure to handle sets"), which was merged in 3.16-rc1. So, all stable kernels are affected by this vulnerability.

Patch is available on https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t .

Fixed status
Patch is available but it hasn't been merged into the mainline yet.

CVE-2022-2588: Linux kernel cls_route UAF

CVSS v3 score is not assigned.

A use-after-free vulnerability was found in the net scheduler subsystem. This vulnerability may allow an attacker to escalate privileges. This vulnerability was introduced before the git era. Therefore all stable kernels are affected. Exploiting this vulnerability requires CAP_NET_ADMIN in user or netns.

Patch is available on https://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u .

Fixed status
Patch is available but it hasn't been merged into the mainline yet.

CVE-2022-26373: Post-Barrier Return Stack Buffer Predictions (PBRSB)

NIST: CVSS v3 score is not assigned.
Intel: CVSS Base Score: 5.5 Medium

This vulnerability affects Intel CPUs. The Enhanced Indirect Branch Restricted Speculation (eIBRS) mitigation for Spectre V2 doesn't work for RET instructions after VM exits. This causes information disclosure via local access.

Fixed status
mainline: [2b1299322016731d56807aa49254a5ea3080b6b3, ba6e31af2be96c4d0536f2152ed6f7b6c11bca47]

* Updated CVEs

No updates.

Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2

There is no fix information.

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh Provisioning Leads to MITM

No fix information.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning

No fix information.

Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.
Email :masami.ichikawa@...
      :masami.ichikawa@...
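Added example (not part of the original message): a shell pre-check for the two CVE-2022-2590 conditions the report gives, namely a kernel that contains commit 9ae0f87d009c (merged in 5.16-rc1) and is built with CONFIG_USERFAULTFD=y. The function name and result strings are hypothetical, and using the release string as a proxy for the commit is an assumption that does not account for vendor backports or for a later fix.

```shell
#!/bin/sh
# Exposure pre-check for CVE-2022-2590, based on the conditions in the report:
#   1. kernel contains commit 9ae0f87d009c (merged in 5.16-rc1)
#   2. kernel is compiled with CONFIG_USERFAULTFD=y
# Assumption: release >= 5.16 stands in for condition 1. A vendor kernel may
# differ, and this check cannot tell whether a fix has been applied.

# cve_2022_2590_status RELEASE CONFIG_FILE   (hypothetical helper)
# Prints: not-affected-version | not-affected-config | possibly-affected | unknown
cve_2022_2590_status() {
    release=$1
    config=$2

    # Require at least "<digits>.<digits>", e.g. "5.19.0-rc3" or "5.10.0-16-amd64".
    case "$release" in
        [0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${release%%.*}
    rest=${release#*.}
    minor=${rest%%[!0-9]*}
    case "$major$minor" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac

    # Kernels older than 5.16 do not carry the introducing commit.
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 16 ]; }; then
        echo not-affected-version
        return 0
    fi

    # Without a readable build config the second condition cannot be decided.
    [ -r "$config" ] || { echo unknown; return 0; }

    # A disabled option appears as "# CONFIG_USERFAULTFD is not set".
    if grep -q '^CONFIG_USERFAULTFD=y$' "$config"; then
        echo possibly-affected
    else
        echo not-affected-config
    fi
}

# Check the running kernel; the config path is the common distro location.
cve_2022_2590_status "$(uname -r)" "/boot/config-$(uname -r)"
```

A `possibly-affected` result means both conditions from the report hold and the kernel's changelog should be checked for the fix.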