New CVE entries this week
Masami Ichikawa
Hi !

It's this week's CVE report.

This week reported 11 new CVEs and 3 updated CVEs.

CVE-2022-45884, CVE-2022-45885, CVE-2022-45886, CVE-2022-45887 are fixed in the same patch series.

* New CVEs

CVE-2022-4129: l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference

CVSS v3 score is not provided.

A NULL pointer dereference bug was found in the l2tp module. Introduced by commit b68777d54fac ("l2tp: Serialize access to sk_user_data with sk_callback_lock") in 6.1-rc6. It fixes commit 3557baa ("[L2TP]: PPP over L2TP driver core") in 2.6.23-rc1. Commit b68777d54fac is not backported to stable kernels so these kernels aren't affected by this issue.

Fixed status
Patch is available (https://lore.kernel.org/netdev/20221119130317.39158-1-jakub@cloudflare.com/) but not merged yet.

CVE-2022-28667: Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi software

CVSS v3 score is 6.5 MEDIUM.

Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi software before version 22.140 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

According to the Intel security advisory INTEL-SA-00687, it said that "Intel® PROSet/Wireless WiFi drivers to mitigate this vulnerability will be up streamed by November 08, 2022." so the mainline kernel seems affected by this issue.

Fixed status
Not fixed yet

CVE-2022-45884: A use-after-free bug was found in drivers/media/dvb-core/dvbdev.c

CVSS v3 score is 7.0 HIGH.

An issue was discovered in the Linux kernel. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. It looks like all stable kernels (including 4.4) are affected by this issue.

Fixed status
Patch is available but it hasn't been merged yet.
https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/

CVE-2022-45885: A use-after-free bug was found in drivers/media/dvb-core/dvb_frontend.c

CVSS v3 score is 7.0 HIGH.

An issue was discovered in the Linux kernel. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. It looks like all stable kernels (including 4.4) are affected by this issue.

Fixed status
Patch is available but it hasn't been merged yet.
https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/

CVE-2022-45886: A use-after-free bug was found in drivers/media/dvb-core/dvb_net.c

CVSS v3 score is 7.0 HIGH.

An issue was discovered in the Linux kernel. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. It looks like all stable kernels (including 4.4) are affected by this issue.

Fixed status
Patch is available but it hasn't been merged yet.
https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/

CVE-2022-45887: media: ttusb-dec: Fix memory leak in ttusb_dec_exit_dvb()

CVSS v3 score is 4.7 MEDIUM.

An issue was discovered in the Linux kernel. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. It looks like all stable kernels (including 4.4) are affected by this issue.

Fixed status
Patch is available but it hasn't been merged yet.
https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/

CVE-2022-45888: char: xillybus: Fix use-after-free in xillyusb_open()

CVSS v3 score is 6.4 MEDIUM.

An issue was discovered in the Linux kernel. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device. XILLYUSB driver was added by a53d120 ("char: xillybus: Add driver for XillyUSB (Xillybus variant for USB)") in 5.14-rc1. So, kernels before 5.14 are not affected.

Fixed status
Patch is available but it hasn't been merged yet.
https://lore.kernel.org/all/20221022175404.GA375335@ubuntu/

CVE-2022-45919: media: dvb-core: Fix use-after-free due to race condition occurring in dvb_ca_en50221

CVSS v3 score is 7.0 HIGH.

An issue was discovered in the Linux kernel. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur if there is a disconnect after an open, because of the lack of a wait_event. It looks like all stable kernels (including 4.4) are affected by this issue.

Fixed status
Patch is available but it hasn't been merged yet.
https://lore.kernel.org/linux-media/20221121063308.GA33821@ubuntu/T/#u

CVE-2022-45934: Bluetooth: L2CAP: Fix u8 overflow

CVSS v3 score is not provided.

An issue was discovered in the Linux kernel. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. It looks like all stable kernels (including 4.4) are affected by this issue.

Fixed status
Fixed in the bluetooth-next tree.
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d

CVE-2022-45869: KVM: x86/mmu: Fix race condition in direct_page_fault

CVSS v3 score is not provided.

A race condition bug was found in direct_page_fault(); it will lead to a system crash. Introduced by commit a2855af ("KVM: x86/mmu: Allow parallel page faults for the TDP MMU") in v5.12-rc1-dontuse. It is not backported to stable kernels, so kernels before 5.12 are not affected by this issue.

Fixed status
mainline: [47b0c2e4c220f2251fd8dcfbb44479819c715e15]

CVE-2022-4139: drm/i915: fix TLB invalidation for Gen12 video and compute engines

CVSS v3 score is not provided.

A random memory corruption or data leaks problem in Intel i915 graphic driver because of incorrect GPU TLB flush. This bug was introduced by commit 7938d61 ("drm/i915: Flush TLBs before releasing backing store") which was backported to all stable kernels.

Fixed status
mainline: [04aa64375f48a5d430b5550d9271f8428883e550]

* Updated CVEs

CVE-2022-3169: Request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET may cause a DOS

Stable kernels are fixed this week.

Fixed status
mainline: [1e866afd4bcdd01a70a5eddb4371158d3035ce03]
stable/5.10: [023435a095d22bcbbaeea7e3a8c534b5c57d0d82]
stable/5.15: [b1a27b2aad936746e6ef64c8a24bcb6dce6f926a]
stable/6.0: [0c2b1c56252bf19d3412137073c2c07e86f40ba1]

CVE-2022-3521: kcm: avoid potential race in kcm_tx_work

Stable kernels are fixed this week. Kernel 4.4 is not affected by this issue.

Fixed status
mainline: [ec7eede369fe5b0d085ac51fdbb95184f87bfc6c]
stable/4.14: [381b6cb3f3e66b84db77028ac7d84f18d80f1153]
stable/4.19: [23a0a5869749c7833772330313ae7aec6581ec60]
stable/4.9: [fe3f79701fdaf8a087bc7043839e7f8b2e61b6fe]
stable/5.10: [7deb7a9d33e4941c5ff190108146d3a56bf69e9d]
stable/5.15: [27d706b0d394a907ff8c4f83ffef9d3e5817fa84]
stable/5.4: [ad39d09190a545d0f05ae0a82900eee96c5facea]
stable/6.0: [2526ac6b0f5a9b38e7e9073e37141cf78408078d]

CVE-2022-3344: KVM: SVM: nested shutdown interception could lead to host crash

Mainline was fixed this week.

Fixed status
mainline: [16ae56d7e0528559bf8dc9070e3bfd8ba3de80df, ed129ec9057f89d615ba0c81a4984a90345a1684]

Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2

There is no fix information.

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh Provisioning Leads to MITM

No fix information.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning

No fix information.

Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.
Email :masami.ichikawa@...