CVE-2022-45884 An issue was discovered in the Linux kernel through 6.0.9

This issue can occur if a maliciously modified device can cause a kernel crash during media driver register.

CVE-2018-10960 exists in the Linux kernel before version 4.18. The kvm_set_msr_ Host CPU extensions can be exploited to leak host physical address through unknown vectors.

CVE-2018-10965 exists in the Linux kernel before version 3.18. The splice() system call mishandles reductions.

CVE-2018-10967 exists in the Linux kernel before version 4.18. The vhost_copy_skb function in virtual host ( virt/host/vhost_copy.c ) does not initialize a certain data structure, which allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact.

CVE-2018-10969 exists in the Linux kernel before version 4.18. The blkdev_get_data function in block/blkdev.c mishandles a request for data from an invalid device.
Concretely, attackers can cause a denial of service by triggering a memory corruption.

CVE-2018-10970 exists in the Linux kernel before version 4.18. The perf_event_ns_event function in kernel/events/core.c has an integer overflow because it fails to validate the length of an argument.
An attacker can exploit this to crash the system.

CVE-2018-

Linux kernel version information

Linux kernel: 4.12.14-1~deb9u1
Linux kernel: 4.11.5-1
Linux kernel: 3.2.93
Code execution vulnerability in the Linux kernel
The "compat_ioctl32" function in fs/ioctl32.c can be called with incorrect parameters, allowing a local user to cause a denial of service (system crash) or gain administrative privileges.

Operation Scenarios and Outcomes

CVE-2018-10971 exists in the Linux kernel before version 4.18. The nfs4_do_layout function in fs/nfs/nfs4xdr.c does not validate a certain payload length, which allows local users to cause a denial of service (kernel OOPS) or possibly have unspecified other impact via crafted use of the enospc ioctl call.
An attacker could exploit this by sending a long argument to the nfsd ioctl, causing a kernel crash and system reboot.

CVE-2018-10972 is an issue that can occur when the fuse_fill_write() function fails to check the return value of write(). An attacker could exploit this by mapping non-existing or unwritable pages, triggering memory corruption and a kernel crash.

Timeline

Published on: 11/25/2022 04:15:00 UTC
Last modified on: 11/29/2022 21:00:00 UTC

References

• https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/
• https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45884