OSV:USN-5385-1 (Google OSV)
Apr 21, 2022 - 6:25 a.m.

linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon vulnerabilities

2022-04-21 06:25:06, Google, osv.dev

AI Score: 6 (Confidence: High)

EPSS: 0.001 (Percentile: 32.1%)

Brendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device
driver in the Linux kernel did not properly validate meta-data coming from
the device. A local attacker who can control an emulated device can use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2021-43975)

It was discovered that the UDF file system implementation in the Linux
kernel could attempt to dereference a null pointer in some situations. An
attacker could use this to construct a malicious UDF image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2022-0617)

Lyu Tao discovered that the NFS implementation in the Linux kernel did not
properly handle requests to open a directory on a regular file. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2022-24448)

It was discovered that the YAM AX.25 device driver in the Linux kernel did
not properly deallocate memory in some error conditions. A local privileged
attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2022-24959)