CVE-2022-0400 An out-of-bounds read was found in the smc protocol stack, causing remote DOS.

This vulnerability is rated as high severity because it can be exploited by an unauthenticated remote attacker to hijack the affected system and cause denial-of-service. A patch has been released.

CVE-2017-1000028: Linux Kernel out-of-bounds read/write in arc_broadcast_msg()

A race condition was discovered in the Linux kernel when upgrading software with the Reliable Datagram Sockets (RDS) protocol. This leads to a situation where a user’s system might be upgraded against her will.

CVE-2017-7889: Race condition in socket activation causes unexpected system behaviour (rv2 #4)

A race condition was discovered in the Linux kernel when accessing xfs file systems. This leads to a situation where a user’s system might be upgraded against her will.

CVE-2017-7645: Incorrect error handling in __kvm_host_set_vcpus() leading to remote code execution.

The Linux kernel in certain situations does not handle attempt to access/copy an object causing a usage of uninitialized memory which could result in information leak or, in extreme cases, memory corruption.
Severity: Medium CVE: ia32cpu This vulnerability allows unprivileged local users to cause information leak.
In some cases, this results in information leak, which could be leveraged by attackers for privilege escalation.

A flaw was

Affected Software

This flaw is related to the Linux kernel version 2.6.36 and older versions, and can be triggered by any local user with access to Kernel Control Register (KCR).

CVE-2017-3169: Memory corruption in convert_to_user_mode()
The Linux kernel before 4.13.11 allows local users to cause a denial of service (memory consumption) by triggering a failed memory allocation.

Linux Kernel IA32 CPU Information Leak Vulnerability

An information leak was discovered in the Linux kernel's IA32 CPU register handling. This allows unprivileged local users to gain sensitive information from the kernel.

Severity: Medium

Vulnerability summary

A flaw was found in the Linux kernel's implementation of the SCTP protocol. This leads to a situation where a local user can cause a system-wide DoS by sending specially crafted socket data.

Vulnerability: CVE-2017-7542
This vulnerability is rated as low severity because it requires an attacker to be authenticated, and this requirement typically limits the potential risk of unauthorized access. Note that exploitation would still require physical access to the computer.

Timeline

Published on: 08/29/2022 15:15:00 UTC
Last modified on: 09/01/2022 20:18:00 UTC

References

• https://bugzilla.redhat.com/show_bug.cgi?id=2040604
• https://access.redhat.com/security/cve/CVE-2022-0400
• https://bugzilla.redhat.com/show_bug.cgi?id=2044575
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400