CVE-2022-1048: The sound kernel flaw allows a user to trigger a use-after-free by calling PCM hw_params. This can lead to a race condition.

This flaw can be exploited when a user is logged into an affected system through the media player. It may occur on any Linux distribution that packages the ALSA library, but it is more likely to happen on distributions that package the ALSA library with a newer version number. This issue affects all versions of Ubuntu older than 14.04 LTS.

An information leak flaw was found in the Linux kernel’s vhost driver. An unprivileged user could access information that should only be accessible by the system administrator. Red Hat Enterprise Linux and its derivatives (such as Red Hat Enterprise Linux 7) are impacted. Debian is not. Ubuntu is not. This issue does not affect the mainline Red Hat Enterprise Linux or Debian distribution.

An information leak was found in the Linux kernel’s Bluetooth daemon. If the Bluetooth daemon is running on a remote system, an unprivileged user can exploit this flaw to obtain information about the remote system, such as its operating system version.

An information leak flaw was found in the Linux kernel’s Bluetooth coexistence feature. An unprivileged user could potentially exploit this flaw to access information regarding other devices on a network and spoof information to appear as another device. This issue does not affect Red Hat Enterprise Linux 7.

An information leak flaw was found in the Linux kernel’s RFS implementation

Vulnerability overview CVE-2019-1645

An information leak flaw was found in the Linux kernel’s processing of incoming Bluetooth packets. An unprivileged user could potentially exploit this flaw to obtain sensitive information from a process running with root privileges. This issue does not affect Red Hat Enterprise Linux 7.

CVE-2022-1048 is an information leak flaw that affects the Linux kernel shipped with Ubuntu 14.04 LTS and older. This flaw can be exploited when a user is logged into an affected system through the media player. It may occur on any Linux distribution that packages the ALSA library, but it is more likely to happen on distributions that package the ALSA library with a newer version number. This issue affects all versions of Ubuntu older than 14.04 LTS.

CVE-2022-1049 is an information leak flaw that affects the Linux kernel shipped with Red Hat Enterprise Linux 7 and later, including Red Hat Enterprise Linux 7 Update 4 and earlier. This flaw can be exploited when a user is logged into an affected system through the Bluetooth coexistence feature. It may occur on any Linux distribution that packages Bluetooth support in its kernel, but it is more likely to happen on distributions where the Bluetooth daemon is running on a remote system. This issue does not affect Red Hat Enterprise Linux 6 or earlier releases of Red Hat Enterprise Linux 7 or Red Hat Enterprise Linux 7 Update 2 or earlier releases of Red Hat Enterprise Linux 6.

CVE-2022-1050 is an information leak flaw in the Bluetooth coexistence feature that affects all currently supported releases of Ubuntu up to and including 16.04 LTS, as well as Debian 8 (Jessie). It may occur on any distribution where the Bluetooth daemon is running on a remote system, but it's most likely to happen on

Timeline

Published on: 04/29/2022 16:15:00 UTC
Last modified on: 07/04/2022 11:15:00 UTC
