CVE-2022-1353 A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel

CVE-2022-1353 A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel

This issue affects the Red Hat Enterprise Linux 5 and 6 kernels as well as the Debian 6 and 7 kernels. Red Hat has provided a patch to fix this issue.

It was discovered that the Linux kernel did not handle user-space requested maps of more than 2^31 elements correctly. A local attacker could use this flaw to crash the system or possibly escalate their privileges on affected systems.

Another flaw was found in the Linux kernel’s handling of symbolic address connections when using a VLAN interface. A remote attacker could use this flaw to crash a system on an affected network by transmitting a specially crafted packet.

It was discovered that the procfs file system created by the Linux kernel did not correctly handle race condition when checking the permissions for a process. This could lead to information leak or privilege escalation.

It was found that the Linux kernel’s ptrace implementation allowed user access to ptrace system calls, allowing privilege escalation.

It was discovered that the XFS file system implementation in the Linux kernel did not correctly handle under-length file names when using the extents feature. A local user with the ability to mount a file system can use this flaw to crash the system to gain access to data.

It was discovered that the Linux kernel did not correctly handle invalid lengths for file names when using the ext4 file system

CVE-2021-1352

This issue affects the Linux kernel as well as the Debian version of this system.

It was discovered that the btrfs file system implementation in the Linux kernel did not handle certain errors correctly. A local user with permission to mount a btrfs file system could use this flaw to cause a denial of service or escalate their privileges on the system.

Check disk for hard disk drive (HDD) defects

This issue affects the Red Hat Enterprise Linux 5 and 6 kernels as well as the Debian 6 and 7 kernels. Red Hat has provided a patch to fix this issue.

It was discovered that the Linux kernel did not handle user-space requested maps of more than 2^31 elements correctly. A local attacker could use this flaw to crash the system or possibly escalate their privileges on affected systems.
Another flaw was found in the Linux kernel’s handling of symbolic address connections when using a VLAN interface. A remote attacker could use this flaw to crash a system on an affected network by transmitting a specially crafted packet.
It was discovered that the procfs file system created by the Linux kernel did not correctly handle race condition when checking the permissions for a process. This could lead to information leak or privilege escalation.
It was found that the Linux kernel’s ptrace implementation allowed user access to ptrace system calls, allowing privilege escalation.
It was discovered that the XFS file system implementation in the Linux kernel did not correctly handle under-length file names when using the extents feature. A local user with the ability to mount a file system can use this flaw to crash the system to gain access to data.

Linux Kernel Type Confusion Vulnerability

The CVE-2022-1353 type confusion vulnerability was discovered in the Linux kernel. A local attacker could use this flaw to crash the system or potentially escalate their privileges on affected systems.

Another flaw was found in the Linux kernel’s handling of symbolic address connections when using a VLAN interface. A remote attacker could use this flaw to crash a system on an affected network by transmitting a specially crafted packet.

It was discovered that the procfs file system created by the Linux kernel did not correctly handle race condition when checking the permissions for a process. This could lead to information leak or privilege escalation.

It was found that the Linux kernel’s ptrace implementation allowed user access to ptrace system calls, allowing privilege escalation.

It was discovered that the XFS file system implementation in the Linux kernel did not correctly handle under-length file names when using the extents feature. A local user with the ability to mount a file system can use this flaw to crash the system to gain access to data.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe