CVE-2022-27950 An error in the Linux kernel's hid subsystem causes a memory leak when a certain event happens.

CVE-2022-27950 An error in the Linux kernel's hid subsystem causes a memory leak when a certain event happens.

This could occur when using the ERM or MCU reports and obtaining error code 1206 ( Reports through HID might not be properly converted from the IN report to the OUT report. As a result, an attacker in the system could make copies of these reports and issue them to trigger the error. This issue could potentially be exploited through malicious USB devices. This issue has been fixed by adding an additional check in the code that converts an IN report to an OUT report. It is recommended that users apply the following update.

CVE-2019-3810 The Linux kernel before 5.16.9, when KVM is enabled, allows a user with access to a guest kernel to corrupt the host stack and bypass intended Supervisor Mode Access Prevention (SMAP) restrictions. This issue has been fixed by finding a way to limit the amount of information that the SMAP implementation can access when checking if a LAX SMAP mode access is prevented or not.

CVE-2019-3689 The ext4_dio_poll function in fs/ext4/inode.c in the Linux kernel before 5.5 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an ext4 filesystem with an ext4_dio_oper_mode set to 2 and an ext4_directory_i_block_t set to 0.

CVE-2019-3688 The ext4_dio_oper_mode function in

^

*inode.c: ext4_dio_oper_mode
This vulnerability allows a user with access to the Linux kernel to corrupt the host stack and bypass intended Supervisor Mode Access Prevention (SMAP) restrictions. This issue has been fixed by limiting the information that can be accessed when checking if a LAX SMAP mode access is prevented or not.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe