kernel/ucount.c in the Linux kernel 5.14 through 5.16.4 when unprivileged user namespaces are enabled allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.

...

CVE-2022-24122

A use-after-free vulnerability was found in the Linux kernel’s allocucounts in the kernel/ucount.c function. This flaw allows a local attacker with unprivileged user namespaces to cause a privilege escalation problem. Mitigation To mitigate this problem, disable unprivileged user namespaces: sysc...

PT-2022-2045 · Linux +10 · Linux Kernel +10

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to the version containing commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 Description: A use-after-free exists in the Linux Kernel in the tc new tfilter function that could allow a local attacker to gain privilege...

CVE-2022-24122

kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace...

CVE-2022-24122

kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace...

AZL-8451 CVE-2022-24122 affecting package kernel for versions less than 5.15.26.1-1

kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace...

DEBIAN-CVE-2022-24122

kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace...

CVE-2022-24122

kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace...

UBUNTU-CVE-2022-24122

kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace...

Mageia: Security Advisory (MGASA-2014-0273)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-1010)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - net/netfilter/nfconntrackstandalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes...

Mageia: Security Advisory (MGASA-2022-0021)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2018-0074)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2019-0097)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

kernel: fs_context: heap overflow in legacy parameter handling

A heap-based buffer overflow flaw was found in the way the legacyparseparam function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged in case of unprivileged user namespaces enabled, otherwise needs namespaced CAPSYSADMIN privile...

PT-2022-1414 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 5.14 through 5.16.4 Description: The issue is related to a use-after-free vulnerability in the Linux kernel, specifically in the kernel/ucount.c file, when unprivileged user namespaces are enabled. This allows a ucounts...

kernel: fs_context: heap overflow in legacy parameter handling

A heap-based buffer overflow flaw was found in the way the legacyparseparam function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged in case of unprivileged user namespaces enabled, otherwise needs namespaced CAPSYSADMIN privile...

kernel: fs_context: heap overflow in legacy parameter handling

A heap-based buffer overflow flaw was found in the way the legacyparseparam function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged in case of unprivileged user namespaces enabled, otherwise needs namespaced CAPSYSADMIN privile...

kernel: fs_context: heap overflow in legacy parameter handling

A heap-based buffer overflow flaw was found in the way the legacyparseparam function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged in case of unprivileged user namespaces enabled, otherwise needs namespaced CAPSYSADMIN privile...

CVE-2022-0185

A heap-based buffer overflow flaw was found in the way the legacyparseparam function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged in case of unprivileged user namespaces enabled, otherwise needs namespaced CAPSYSADMIN privile...