
ROS-20220919-01

2022-09-19 00:00:00
redos.red-soft.ru
50

CVSS3: 8.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS2: 9 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

EPSS: 0.01 Low
Percentile: 83.7%

A vulnerability in the Linux kernel’s implementation of the CAN BCM protocol is caused by synchronization errors
when using a shared resource. Exploitation of the vulnerability could allow an attacker to escalate their
privileges.

A vulnerability in the legacy_parse_param function of the Linux kernel is related to incorrect checking of
the length of passed parameters. Exploitation of the vulnerability allows an attacker to gain access to
confidential data, compromise its integrity, and cause a denial of service.

A vulnerability in the iSCSI subsystem of the Linux operating system kernel is related to an operation exceeding
buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service
or escalate privileges through the use of specially crafted Netlink messages.

A vulnerability in the usb_8dev_start_xmit function (drivers/net/can/usb/usb_8dev.c) of the Linux kernel
is related to a double free error. Exploitation of the vulnerability could allow an attacker
acting remotely to affect the confidentiality, integrity, and availability of protected information.

A vulnerability in the implementation of proxy-virtualized TPM devices in the Linux kernel is related to a
use after free. Exploitation of the vulnerability could allow an attacker acting remotely
to create a situation where privileges can be escalated on the system.

A vulnerability in the xt_compat_target_from_user() function (net/netfilter/x_tables.c) of the netfilter subsystem
of Linux operating systems is related to writing beyond buffer boundaries in memory. Exploitation of the vulnerability
could allow an attacker to cause a denial of service or escalate privileges by calling
compat_setsockopt() with the IPT_SO_SET_REPLACE or IP6T_SO_SET_REPLACE value set.

A vulnerability in the f2fs module of the Linux operating system kernel is related to reading beyond buffer boundaries in memory.
Exploitation of the vulnerability could allow an attacker to cause a denial of service.

A vulnerability in the eBPF subsystem of the Linux kernel is related to reading beyond buffer boundaries in
memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code in the kernel context.

A vulnerability in the drivers/usb/gadget/legacy/inode.c component of the Linux operating system kernel is related to a
memory freeing error. Exploitation of the vulnerability could allow an attacker to cause a denial of service.

A vulnerability in the smtcfb_read() function of the Linux operating system kernel is related to reading data outside the
boundaries of a buffer in memory. Exploitation of the vulnerability could allow an attacker to disclose protected
information and cause a denial of service.

A vulnerability in the nft_expr_init function (net/netfilter/nf_tables_api.c) of the Netfilter packet filtering
software of the Linux operating system kernel is related to the possibility of a use after free.
Exploitation of the vulnerability could allow an attacker to elevate their privileges to root level.

A vulnerability in the implementation of the get_user_pages_fast() function of the Kernel-based Virtual
Machine (KVM) virtualization subsystem of the kernel of Linux operating systems is related to writing data
outside the buffer in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of
service or elevate their privileges.

A vulnerability in the __bpf_skb_max_len() function in the Linux kernel’s net/core/filter.c file is related to a read
outside of memory boundaries. Exploitation of the vulnerability could allow a local attacker with special
privileges to access out-of-bounds memory, resulting in a system crash or a leak of internal
kernel information.

A vulnerability in the show_transport_handle function (/scsi/scsi_transport_transport_iscsi.c) of the Linux operating system kernel
is related to access control errors. Exploitation of the vulnerability could allow an attacker to
affect the confidentiality, integrity, and availability of protected information.

A vulnerability in the function rtas_args.nargs of the driver arch/powerpc/kvm/book3s_rtas.c of the Linux operating
system kernel is related to an out-of-bounds write. Exploitation of the vulnerability could allow an attacker to cause
memory corruption of the host operating system.

A vulnerability in the Linux kernel is related to boundary errors when installing a malicious font
using the ioctl command PIO_FONT. Exploitation of the vulnerability could allow an attacker to initiate
unrestricted writes and execute arbitrary code with elevated privileges.

A vulnerability in the ems_usb_start_xmit function (drivers/net/can/usb/ems_usb.c) of the Linux operating system kernel
is related to a double free error. Exploitation of the vulnerability could allow an attacker
acting remotely to affect the confidentiality, integrity, and availability of protected information.

A vulnerability in the joydev_handle_JSIOCSBTNMAP() function of the Red Hat Enterprise Linux operating system is related to
an operation exceeding the buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a
denial of service or escalate privileges.

A vulnerability in the net/sctp/socket.c component of the Linux operating system kernel is caused by concurrent
execution using a shared resource with improper synchronization (a race condition). Exploitation of the
vulnerability could allow an attacker to escalate their privileges.

A vulnerability in the function show_transport_handle (/scsi/scsi_transport_transport_iscsi.c) of the Linux operating system kernel
is related to the lack of protection for service data. Exploitation of the vulnerability could allow an attacker to
disclose protected information or cause a denial of service.

A vulnerability in the Linux operating system kernel is related to a use after free.
Exploitation of the vulnerability could allow an attacker to escalate privileges.

A vulnerability in the cgroup1_parse_param function of the kernel/cgroup/cgroup-v1.c component of the Linux kernel
is related to the lack of verification that the source parameter is a string. Exploitation of the vulnerability
could allow an attacker to gain access to sensitive data, compromise its integrity, and
cause a denial of service.

A vulnerability in the ARM SIGPAGE functionality of the Linux kernel is related to the possibility of using an uninitialized
resource. Exploitation of the vulnerability may allow an attacker to gain access to protected information.

A vulnerability in the TIPC network protocol implementation (net/tipc/monitor.c) of the Linux operating system is related to
writing beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting
remotely to cause a denial of service or escalate privileges via a specially crafted
network packet.

A vulnerability in the eBPF subsystem of the Linux operating system kernel exists due to insufficient validation
of input data. Exploitation of the vulnerability could allow an attacker to execute arbitrary code.

A vulnerability in the RDMA connection manager of the Linux kernel is related to a
use after free. Exploitation of the vulnerability could allow an attacker to execute arbitrary code.

A vulnerability in the X.25 protocol implementation of the Linux kernel is related to
pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker to crash the system.

A vulnerability in the mcba_usb_start_xmit function (drivers/net/can/usb/mcba_usb.c) of the Linux kernel is related
to a double free error. Exploitation of the vulnerability could allow an attacker
acting remotely to affect the confidentiality, integrity, and availability of protected information.

A vulnerability in the bpf_ringbuf_reserve() function of the Linux operating system kernel is related to writing outside the
boundaries of a buffer in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code in the
kernel context.

A vulnerability in the gc_data_segment function (fs/f2fs/gc.c) of the Linux kernel is related to
pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker acting remotely
to cause a denial of service.

A vulnerability in the Linux kernel driver for USB 2.0/3.0 Gigabit Ethernet devices based on ASIX AX88179_178A
is related to read and write operations outside of memory boundaries. Exploitation of the vulnerability could allow
an attacker acting remotely to gain access to potentially sensitive information.

A vulnerability in the Journaled File System (JFS) in the Linux kernel is related to a null pointer
dereference in diFree in the fs/jfs/inode.c file. Exploitation of the vulnerability could allow an attacker
acting remotely to cause a system crash or leak internal kernel information.

A vulnerability in the implementation of the kvm_s390_guest_sida_op() function of the Kernel-based Virtual
Machine (KVM) virtualization subsystem of the kernel of Linux operating systems is related to insufficient
protection of service data. Exploitation of the vulnerability may allow an intruder to gain unauthorized
access to protected information.

A vulnerability in the hw_atl_utils_fw_rpc_wait function
(drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c) of the Linux kernel is related to
writing beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to execute
arbitrary code.

A vulnerability in a function in drivers/bluetooth/virtio_bt.c of the Linux operating system kernel is related to
memory freeing errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a
denial of service.

A vulnerability in the eBPF subsystem of the Linux kernel is related to a type conversion error.
Exploitation of the vulnerability could allow a remote attacker to gain unauthorized
access to protected information.

A vulnerability in the cipso_v4_genopt function (net/ipv4/cipso_ipv4.c) of the Linux kernel is related to a
use after free. Exploitation of the vulnerability could allow an attacker to
execute arbitrary code.

A vulnerability in the implementation of the TEE_IOC_OPEN_SESSION or TEE_IOC_INVOKE system call in the Linux kernel
is related to the use of an uninitialized resource. Exploitation of the vulnerability could allow
an attacker to cause a denial of service or elevate privileges.

OS      OS Version   Architecture   Package     Package Version   Filename
redos   7.3          x86_64         kernel-lt   <= 5.15.35-5      UNKNOWN
