CVE-2022-41848 An attacker can remove a PCMCIA device while ioctl calls race, then use-after-free happens.

This issue does not affect systems if an active PCMCIA slot is blocked or if the user configures the kernel to disable PCMCIA support. This security update resolves the race condition. Update to version 3.16.8-1 of the synclink wireless driver (raring/u3.16.8).

CVE-2017-7533: In the Linux kernel through 5.2.x, an uninitialised value in the irq handler of the arm_pmu_set_int() function could lead to local information disclosure when running on armv7 hardware (via RipEMD).

CVE-2017-7534: In the Linux kernel through 5.2.x, the irda_set_encoding() function does not set the length parameter when encoding skb data with a CCMP protocol and ARQ protocol, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an invalid data structure.

CVE-2017-7535: In the Linux kernel through 5.2.x, an error in the VMWARE VMXNET3 driver operation against the member of a virtual network device when receiving certain VMWARE packets can cause a system crash.

CVE-2017-8890: The inode_init_owner function in fs/inode.c in the Linux kernel before 4.11 allows local users to

^^ this is not in the list of security vulnerabilities

**not in the list of security updates
This issue does not affect systems if an active PCMCIA slot is blocked or if the user configures the kernel to disable PCMCIA support. This security update resolves the race condition. Update to version 3.16.8-1 of the synclink wireless driver (raring/u3.16.8).

Timeline

Published on: 09/30/2022 06:15:00 UTC
Last modified on: 10/04/2022 15:09:00 UTC

References