10832 matches found

Vulnrichment
added 2022/12/13 12:0 a.m. · 9 views

CVE-2022-44689 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability

...

7.8 CVSS · 7.6 AI score · 0.00473 EPSS
Exploits 0 · References 1

Positive Technologies
added 2022/12/13 12:0 a.m. · 1 views

PT-2022-5886 · Microsoft · Windows Subsystem For Linux +1

Name of the Vulnerable Software and Affected Versions: Windows Subsystem for Linux WSL2 affected versions not specified Description: The issue is related to insufficient access control in the Windows Subsystem for Linux WSL2 kernel, which can be exploited to elevate privileges. This can allow an...

7.8 CVSS · 9.1 AI score · 0.00473 EPSS
Exploits 0 · References 7

Positive Technologies
added 2022/12/13 12:0 a.m. · 5 views

PT-2022-6586 · Apple · Macos Big Sur +5

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 15.7.2 iPadOS versions prior to 15.7.2 macOS Big Sur versions prior to 11.7.2 macOS Monterey versions prior to 12.6.2 macOS Ventura versions prior to 13.1 Description: A logic issue was addressed with improved...

5.5 CVSS · 5.7 AI score · 0.00357 EPSS
Exploits 0 · References 22

Tenable Nessus
added 2022/12/13 12:0 a.m. · 488 views

KB5021233: Windows 10 Version 20H2 / 21H1 / 21H2 / 22H2 Security Update (December 2022)

The remote Windows host is missing security update 5021233. It is, therefore, affected by multiple vulnerabilities - PowerShell Remote Code Execution Vulnerability CVE-2022-41076 - Windows Subsystem for Linux WSL2 Kernel Elevation of Privilege Vulnerability CVE-2022-44689 - A remote code executio...

8.5 CVSS · 8.5 AI score · 0.76106 EPSS
Exploits 6 · References 28

Tenable Nessus
added 2022/12/13 12:0 a.m. · 44 views

KB5021234: Windows 11 Security Update (December 2022)

The remote Windows host is missing security update 5021234. It is, therefore, affected by multiple vulnerabilities - PowerShell Remote Code Execution Vulnerability CVE-2022-41076 - Windows Subsystem for Linux WSL2 Kernel Elevation of Privilege Vulnerability CVE-2022-44689 - A remote code executio...

8.5 CVSS · 8.5 AI score · 0.76106 EPSS
Exploits 6 · References 27

OpenVAS
added 2022/12/13 12:0 a.m. · 22 views

Ubuntu: Security Advisory (USN-5773-1)

The remote host is missing an update for the...

7.8 CVSS · 7.3 AI score · 0.21314 EPSS
Exploits 3 · References 2

RedhatCVE
added 2022/12/12 1:4 p.m. · 68 views

CVE-2022-4378

A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation A possible workaround is preventing regular users from...

7.8 CVSS · 7.9 AI score · 0.00431 EPSS
Exploits 0 · References 6

Tenable Nessus
added 2022/12/12 12:0 a.m. · 34 views

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-10072)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-10072 advisory. - proc: proc_skip_spaces shouldn't think it is working on C strings Linus Torvalds Orabug: 34883027 CVE-2022-4378 - proc: avoid integer type confusion i...

7.8 CVSS · 6.9 AI score · 0.00431 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2022/12/12 12:0 a.m. · 76 views

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-10079)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-10079 advisory. - proc: proc_skip_spaces shouldn't think it is working on C strings Linus Torvalds Orabug: 34883034 CVE-2022-4378 - proc: avoid integer type confusi...

7.8 CVSS · 6.8 AI score · 0.0127 EPSS
Exploits 2 · References 4

Tenable Nessus
added 2022/12/12 12:0 a.m. · 28 views

Ubuntu 18.04 LTS : Linux kernel (Azure) vulnerabilities (USN-5774-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5774-1 advisory. Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential...

7.8 CVSS · 7 AI score · 0.02211 EPSS
Exploits 5 · References 17

Tenable Nessus
added 2022/12/12 12:0 a.m. · 49 views

Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-10073)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-10073 advisory. - proc: proc_skip_spaces shouldn't think it is working on C strings Linus Torvalds Orabug: 34883027 CVE-2022-4378 - proc: avoid integer type confusion i...

7.8 CVSS · 6.9 AI score · 0.00431 EPSS
Exploits 0 · References 4

RedhatCVE
added 2022/12/08 6:4 p.m. · 33 views

CVE-2022-45919

A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the DVB CA EN50221 interface of the DVB core device driver. It could occur in the dvb_ca_en50221_release function if there is a disconnect after an open, because of the lack of a wait_event. A loc...

7 CVSS · 7.4 AI score · 0.00252 EPSS
Exploits 0 · References 4

ATTACKERKB
added 2022/12/08 4:15 p.m. · 5 views

CVE-2022-45118

OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions...

6.2 CVSS · 6.1 AI score · 0.00175 EPSS
Exploits 0 · References 2 · Affected Software 1

Prion
added 2022/12/08 4:15 p.m. · 17 views

Information disclosure

OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions...

1.7 CVSS · 5.3 AI score · 0.00175 EPSS
Exploits 0 · References 1 · Affected Software 1

RedHat Linux
added 2022/12/08 7:37 a.m. · 27 views

Moderate: Red Hat Security Advisory: Logging Subsystem 5.5.5 - Red Hat OpenShift security update

Logging Subsystem 5.5.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Referenc...

7.5 CVSS · 6.7 AI score · 0.0486 EPSS
Exploits 7 · References 20

OSV
added 2022/12/08 3:4 a.m. · 12 views

GSD-2022-1008098 fscrypt: stop using keyrings subsystem for fscrypt_master_key

fscrypt: stop using keyrings subsystem for fscrypt_master_key. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.154 by commit...

7.2 AI score
Exploits 0

OSV
added 2022/12/08 2:37 a.m. · 10 views

GSD-2022-1007832 fscrypt: stop using keyrings subsystem for fscrypt_master_key

fscrypt: stop using keyrings subsystem for fscrypt_master_key. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.8 by commit...

7.2 AI score
Exploits 0

CVE
added 2022/12/08 12:0 a.m. · 49 views

CVE-2022-41802

OpenHarmony kernel_liteos_a (OpenHarmony v3.1.4 and earlier) is affected by a kernel stack overflow when SysClockGetres is called. The issue leaks 4 bytes of padding data from the kernel stack to user space. The vulnerability is documented across multiple sources with affected versions and relate...

4 CVSS · 4 AI score · 0.00183 EPSS
Exploits 0 · References 1 · Affected Software 2

Cvelist
added 2022/12/08 12:0 a.m. · 24 views

CVE-2022-45118 Telephony in communication subsystem sends public events with personal data, but the permission is not set.

OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions...

6.2 CVSS · 6.3 AI score · 0.00175 EPSS
Exploits 0 · References 1

Positive Technologies
added 2022/12/08 12:0 a.m. · 2 views

PT-2022-36353 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.154 Description: The issue concerns the use of the keyrings subsystem for fscrypt master key in fscrypt. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kerne...

7.3 AI score
Exploits 0 · References 1