CVE-2022-1015 An issue was found in the Linux kernel's netfilter API.

CVE-2022-1015 An issue was found in the Linux kernel's netfilter API.

This issue results because of the NULL pointer dereference during handling of the ICMP table when it is operated upon by xt_conn_netfilter. A local user can take advantage of this issue to cause a denial of service (host/network/system hang) or corruption of data.

Another issue was found in the Linux kernel. This issue causes the system to ignore some invalid data (e.g. invalidaely formed TCP packets), resulting in a denial of service.

Lastly, a race condition was found in the Linux kernel. This issue results because of the unprivileged process being able to access information from other, privileged processes.
The user could exploit this flaw to cause a denial of service (system crash) or possibly gain privileges.

A flaw was found in the Linux kernel in the way the keyring (a component of the file system) handled user-created keys. A local user could create keyring-stored data in an arbitrary way, causing a file system corruption.

A race condition was found in the way the Linux kernel’s virtual memory implementation handled request from the virtual to the physical memory mapped to theio devices. An unprivileged user in a guest operating system could possibly use this flaw to escalate their privileges inside the guest.

An out-of-bounds write flaw was found in the way the EXT4 file system’s i_version data structure was handled when performing write operations

Linux kernel: canaries and testing

The Linux kernel has a well-known flaw that can be used to bypass ASLR and make the system vulnerable to a local attack.
While this issue is mitigated by default in the latest Linux kernel, it can still be exploited if certain conditions are met.

Linux kernel (no CVE assigned yet)

A flaw was found in the Linux kernel’s virtual memory implementation. An unprivileged user may be able to gain elevated privileges.

As a result of this issue, an out-of-bounds write flaw was found in the way the EXT4 file system’s i_version data structure was handled when performing write operations.

Operating system level attacks

A race condition was found in the Linux kernel. This issue results because of a privileged process being able to access information from other, unprivileged processes. The user could exploit this flaw to cause a denial of service (system crash), or possibly gain privileges.

A flaw was found in the Linux kernel in the way the keyring (a component of the file system) handled user-created keys. A local user could create keyring-stored data in an arbitrary way, causing a file system corruption.

An out-of-bounds write flaw was found in the way the EXT4 file system’s i_version data structure was handled when performing write operations

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe