CVE-2022-1280 An 'use-after-free' vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel.

CVE-2022-1280 An 'use-after-free' vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel.

For example, this issue may cause a user to accidentally reveal sensitive information, or to be notified of a possible security issue in the media player. A race condition exists in the way drm_lease_held handles reference counting. This race condition can be exploited by local users to potentially cause a denial of service (kernel crash). Linux kernel version 3.8 and earlier had a use-after-free in the drm_kill_IOctl function in drivers/gpu/drm/drm_dip.c: when doing an ioctl for a dead vc device, due to a race condition. This issue does not affect systems with Linux kernel version 4.4 or later. Firmware versions affected are: radeon: possible crash in hw_dma_len_xfer() with some radeon cards. Intel: possible kernel crash with 5th generation Intel Core i7/i5/Xeon processors due to a race condition. AMD: possible kernel crash with 7th generation AMD Athlon processors due to a race condition. The update to the Linux kernel version 4.14.15 fixes these problems. System administrators are advised to update their system in order to prevent these vulnerabilities. End users who are concerned about these issues should take basic precautions such as keeping their systems up-to-date with the latest patches.

Red Hat has released an updated package that contains these fixes. The following packages have been updated to fix these issues: kernel-PAE

Kernel crash with Linux kernel version 3.10 or older

Red Hat Security Response Team has released a security update to correct a number of security issues in the Linux kernel. One of these issues may cause a user to accidentally reveal sensitive information, or to be notified of a possible security issue in the media player. A race condition exists in the way drm_lease_held handles reference counting. This race condition can be exploited by local users to potentially cause a denial of service (kernel crash).

#1--Why is digital marketing important?
Digital marketing is important because it helps grow your business. If you want people to know who you are, what you do, and how to contact your business, then digital marketing is for you!

Potential CPU exploitation through Software Vulnerability in Microcode Update

The Microcode Update feature in the Linux kernel uses microcode updates to allow for more efficient and effective hardware support. The update includes a new firmware update (firmware-intel-ucode) that is vulnerable to an out-of-bounds heap access issue. This issue may allow local users to execute arbitrary code with elevated privileges.

Kernel crash with PAE enabled (CVE-2022-1281)

The use-after-free in drm_kill_IOctl can be exploited by local users to crash the kernel with the following new line in /usr/src/linux/arch/x86/include/asm/unistd.h:
__get_user_pages_fast+0xa8 28a4829b w32 get_user_pages(struct taskfile *tfp, unsigned long nr)

{"kernel-PAE", "kernel-PAE-debuginfo", "kernel-PAE-debugsource"}

Security Fix: CVE-2016-10708

For example, the following kernel packages were updated to fix these issues: kernel-PAE

Hardware requirements

The following hardware is required to take full advantage of the updated packages:

- System with a CPU that supports virtualization-based security (VT-d)

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe