New CVE entries this week

Masami Ichikawa

Hi!

It's this week's CVE report.

This week there are 8 new CVEs and 0 updated CVEs.

* New CVEs

CVE-2022-3169: Request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET
may cause a DOS

CVSS v3 score is 5.5 MEDIUM.

A denial of service flaw may occur if there are consecutive requests of
NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET through the driver's
device file, resulting in a PCIe link disconnect.

This bug was reported last October to the kernel bugzilla
(https://bugzilla.redhat.com/show_bug.cgi?id=2125341) but it hasn't
been fixed yet.

Fixed status
Not fixed yet.

CVE-2022-40307: efi: capsule-loader: Fix use-after-free in efi_capsule_write

CVSS v3 score is 4.7 MEDIUM.

There is a race condition between efi_capsule_write() and
efi_capsule_flush(). This race causes a use-after-free bug.

Fixed status
mainline: [9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95]

CVE-2022-3077: A buffer overflow vulnerability was found in the Linux
kernel Intel’s iSMT SMBus host controller driver

CVSS v3 score is not assigned.

A buffer overflow vulnerability was found in the Linux kernel Intel’s
iSMT SMBus host controller driver in the way it handled the
I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with
malicious input data. This flaw could allow a local user to crash the
system.

This vulnerability was introduced by commit 5e9a97b ("i2c: ismt:
Adding support for I2C_SMBUS_BLOCK_PROC_CALL") in 5.11-rc1.
This commit was not backported to earlier versions, so 4.4, 4.9,
4.14, 4.19, and 5.10 are not vulnerable.

Fixed status
mainline: [690b2549b19563ec5ad53e5c82f6a944d910086e]
stable/5.15: [24c6fc6e7453f64cf6cbb4218c62aafdecc16ee1]

CVE-2022-36280: An out-of-bounds(OOB) memory access vulnerability was
found in vmwgfx driver

CVSS v3 score is not assigned (NIST).
CVSS v3 score is 6.3 MEDIUM (CNA).

An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx
driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the
Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This
flaw allows a local attacker with a user account on the system to gain
privilege, causing a denial of service(DoS).

The description above says the vulnerability is in
drivers/gpu/vmxgfx/vmxgfx_kms.c, but that file doesn't exist in
mainline. It is probably drivers/gpu/drm/vmwgfx/vmwgfx_kms.c instead.

Fixed status
Not fixed yet.

CVE-2022-38096: A NULL pointer dereference vulnerability was found in
vmwgfx driver

CVSS v3 score is 5.5 MEDIUM (NIST).
CVSS v3 score is 6.3 MEDIUM (CNA).

The description above says the vulnerability is in
drivers/gpu/vmxgfx/vmxgfx_kms.c, but that file doesn't exist in
mainline. It is probably drivers/gpu/drm/vmwgfx/vmwgfx_kms.c instead.

Fixed status
Not fixed yet.

CVE-2022-38457: A use-after-free vulnerability was found in vmwgfx
driver

CVSS v3 score is 5.5 MEDIUM (NIST).
CVSS v3 score is 6.3 MEDIUM (CNA).

A NULL pointer dereference vulnerability was found in vmwgfx driver in
drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel
with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a
local attacker with a user account on the system to gain privilege,
causing a denial of service(DoS).

The description above says the vulnerability is in
drivers/gpu/vmxgfx/vmxgfx_execbuf.c, but that file doesn't exist in
mainline. It is probably drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c instead.

Fixed status
Not fixed yet.

CVE-2022-40133: A use-after-free vulnerability was found in vmwgfx driver

CVSS v3 score is 5.5 MEDIUM (NIST).
CVSS v3 score is 6.3 MEDIUM (CNA).

A use-after-free(UAF) vulnerability was found in function
'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in
Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or
Dxxx)'. This flaw allows a local attacker with a user account on the
system to gain privilege, causing a denial of service(DoS).

The description above says the vulnerability is in
drivers/gpu/vmxgfx/vmxgfx_execbuf.c, but that file doesn't exist in
mainline. It is probably drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c instead.

Fixed status
Not fixed yet.

CVE-2022-3202: Null Pointer Dereference in jfs_evict_inode leads to
Denial of Service

CVSS v3 score is not assigned.

A NULL pointer dereference flaw was found in diFree in fs/jfs/inode.c in
the Journaled File System (JFS) in the Linux kernel. This could allow a
local attacker to crash the system or leak kernel internal
information.

This issue is fixed in all stable kernels and CIP kernels.

Fixed status
mainline: [a53046291020ec41e09181396c1e829287b48d47]
stable/4.14: [33bd243566a9b1ca94261dcc2e16c7b9e3a71c15]
stable/4.19: [2ef74e3e0089b6615ee124e1183746974c6bb561]
stable/4.9: [d2e45f0bc25da09efcac658d6e405115fcfa83c2]
stable/5.10: [b9c5ac0a15f24d63b20f899072fa6dd8c93af136]
stable/5.15: [d925b7e78b62805fcc5440d1521181c82b6f03cb]
stable/5.4: [e19c3149a80e4fc8df298d6546640e01601f3758]
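The "Fixed status" blocks above follow a fixed layout (one line per branch, with the fix commit in square brackets, or "Not fixed yet."), which makes the report easy to consume by tooling. As an added example that is not part of this report, here is a small Python parser for that layout together with a helper that lists, for each CVE, which tracked branches have no fix commit recorded. The REPORT string is a constructed excerpt reusing entries from this mail, and the CIP_BRANCHES tuple is an assumption based on the branch list mentioned under CVE-2022-3077.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt in the same layout as the weekly report (not the full mail).
REPORT = """\
CVE-2022-3077: A buffer overflow vulnerability was found in the Linux
kernel Intel's iSMT SMBus host controller driver

CVSS v3 score is not assigned.

Fixed status
mainline: [690b2549b19563ec5ad53e5c82f6a944d910086e]
stable/5.15: [24c6fc6e7453f64cf6cbb4218c62aafdecc16ee1]

CVE-2022-36280: An out-of-bounds(OOB) memory access vulnerability was
found in vmwgfx driver

CVSS v3 score is 6.3 MEDIUM (CNA).

Fixed status
Not fixed yet.

CVE-2022-3202: Null Pointer Dereference in jfs_evict_inode leads to
Denial of Service

Fixed status
mainline: [a53046291020ec41e09181396c1e829287b48d47]
stable/4.19: [2ef74e3e0089b6615ee124e1183746974c6bb561]
stable/5.10: [b9c5ac0a15f24d63b20f899072fa6dd8c93af136]
"""

# Assumed set of branches a CIP-style tracker cares about (hypothetical list).
CIP_BRANCHES = ("stable/4.4", "stable/4.9", "stable/4.14", "stable/4.19", "stable/5.10")

CVE_RE = re.compile(r"^(CVE-\d{4}-\d{4,}):\s*(.*)$")
FIX_RE = re.compile(r"^(mainline|stable/\d+\.\d+):\s*\[([0-9a-f]{40})\]$")
# Matches "CVSS v3 score is 6.3 ..." and "CVSS v3 score 5.5 ...";
# deliberately does not match "not assigned".
SCORE_RE = re.compile(r"^CVSS v3 score (?:is )?(\d+(?:\.\d+)?)")


@dataclass
class Entry:
    cve: str
    title: str
    cvss: Optional[float] = None           # last score seen (CNA line wins if both present)
    fixes: Dict[str, str] = field(default_factory=dict)  # branch -> 40-hex commit id


def parse_report(text: str) -> List[Entry]:
    """Parse the report layout into Entry objects, one per CVE heading."""
    entries: List[Entry] = []
    cur: Optional[Entry] = None
    in_fixed = False      # inside a "Fixed status" block
    title_open = False    # heading may wrap onto following non-blank lines
    for raw in text.splitlines():
        line = raw.strip()
        m = CVE_RE.match(line)
        if m:
            cur = Entry(cve=m.group(1), title=m.group(2))
            entries.append(cur)
            in_fixed, title_open = False, True
            continue
        if cur is None:
            continue
        if not line:
            title_open = False
            continue
        if title_open:
            cur.title += " " + line
            continue
        m = SCORE_RE.match(line)
        if m:
            cur.cvss = float(m.group(1))
            continue
        if line == "Fixed status":
            in_fixed = True
            continue
        if in_fixed:
            m = FIX_RE.match(line)
            if m:
                cur.fixes[m.group(1)] = m.group(2)
    return entries


def missing_fixes(entries: List[Entry], branches=CIP_BRANCHES) -> Dict[str, List[str]]:
    """Map each CVE to tracked branches with no fix commit recorded.

    "Missing" only means no fix line was listed: a branch may be unaffected
    (as the report says for CVE-2022-3077 on pre-5.11 kernels), so the prose
    of each entry still has to be read before treating a branch as vulnerable.
    """
    return {e.cve: [b for b in branches if b not in e.fixes] for e in entries}


if __name__ == "__main__":
    for cve, branches in missing_fixes(parse_report(REPORT)).items():
        print(cve, "no fix recorded on:", ", ".join(branches) or "-")
```

The parser keys fixes by the exact branch label used in the report ("mainline", "stable/5.10"), so matching against a local kernel tree is a matter of running `git merge-base --is-ancestor <commit> <branch>` for each recorded commit.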

* Updated CVEs

No updated CVEs.

Fixed status

Currently tracking CVEs

CVE-2021-31615: Unencrypted Bluetooth Low Energy baseband links in
Bluetooth Core Specifications 4.0 through 5.2

There is no fix information.

CVE-2020-26556: kernel: malleable commitment Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26557: kernel: predictable Authvalue in Bluetooth Mesh
Provisioning Leads to MITM

No fix information.

CVE-2020-26559: kernel: Authvalue leak in Bluetooth Mesh Provisioning

No fix information.

CVE-2020-26560: kernel: impersonation attack in Bluetooth Mesh Provisioning

No fix information.

Regards,
--
Masami Ichikawa
Cybertrust Japan Co., Ltd.

Email: masami.ichikawa@...
       masami.ichikawa@...