Lucene search

K
osvGoogleOSV:USN-5358-1
HistoryMar 31, 2022 - 2:36 a.m.

linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.13, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabilities

2022-03-3102:36:05
Google
osv.dev
14
linux kernel
network traffic control
use-after-free
denial of service
arbitrary code
ipsec
memory allocation
esp transformations
buffer overflow
system crash

AI Score

7.9

Confidence

High

EPSS

0

Percentile

5.1%

It was discovered that the network traffic control implementation in the
Linux kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-1055)

It was discovered that the IPsec implementation in the Linux kernel did not
properly allocate enough memory when performing ESP transformations,
leading to a heap-based buffer overflow. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-27666)