CVE-2022-2977 A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices

A malicious user may be able to take advantage of this vulnerability to gain access to sensitive information or possibly have elevated privileges.

An issue was found where a malicious user on the system could potentially bypass RPCCLDD and rld_sign() calls, as well as potentially gain elevated privileges. This issue does not allow for remote code execution on the system; however, it may be possible for an attacker to gain access to sensitive information or possibly have elevated privileges.

An issue was found where a malicious user could potentially bypass RPCCLDD and rld_sign() calls, as well as potentially gain elevated privileges. This issue does not allow for remote code execution on the system; however, it may be possible for an attacker to gain access to sensitive information or possibly have elevated privileges.

An issue was found on the system where a malicious user could potentially bypass RPCCLDD and rld_sign() calls, as well as potentially gain elevated privileges. This issue does not allow for remote code execution on the system; however, it may be possible for an attacker to gain access to sensitive information or possibly have elevated privileges.

It was discovered an invalid pointer dereference could occur in sha256_ssse3_sse4_32() in the Linux kernel. A local attacker can exploit this flaw to possibly cause a denial of service.

It was discovered an uninitialized memory in the Linux kernel could be allocated in the range of 552

Potential Impact of the Vulnerability

A malicious user may be able to take advantage of this vulnerability to gain access to sensitive information or possibly have elevated privileges. This issue does not allow for remote code execution on the system; however, it may be possible for an attacker to gain access to sensitive information or possibly have elevated privileges.

References:

1. https://access.redhat.com/security/cve/CVE-2022-2977
2. https://access.redhat.com/security/cve/CVE-2022-2978

Credit for this vulnerability

The following people contributed to this vulnerability:
- David Sterba

Weakness in sha256_ssse3()

An issue was found where a malicious user on the system could potentially cause a denial of service.

Timeline

Published on: 09/14/2022 21:15:00 UTC
Last modified on: 09/17/2022 03:19:00 UTC

References

• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d8e7007dc7c4d7c8366739bbcd3f5e51dcd470f
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2977