Moderate: Red Hat Security Advisory: Logging Subsystem 5.5.5 - Red Hat OpenShift security update
Logging Subsystem 5.5.5 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Referenc...
GSD-2022-1008098 fscrypt: stop using keyrings subsystem for fscrypt_master_key
fscrypt: stop using keyrings subsystem for fscrypt_master_key. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.154 by commit...
GSD-2022-1007832 fscrypt: stop using keyrings subsystem for fscrypt_master_key
fscrypt: stop using keyrings subsystem for fscrypt_master_key. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.8 by commit...
CVE-2022-45118 Telephony in communication subsystem sends public events with personal data, but the permission is not set.
OpenHarmony-v3.1.2 and prior versions had a vulnerability in which telephony in the communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions...
PT-2022-36353 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.154 Description: The issue concerns the use of the keyrings subsystem for fscrypt master key in fscrypt. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kerne...
CVE-2022-41802 Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysClockGetres.
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysClockGetres. 4 bytes of padding data from the kernel stack are copied to user space incorrectly and leaked...
PT-2022-36488 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.267 Description: The issue is related to the ASoC soc-utils, where the removal of exit for snd soc util exit may potentially lead to security vulnerabilities. However, the actual impact and attack...
PT-2022-27406 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions 3.1.2 and prior Description: The issue concerns the telephony component in the communication subsystem of OpenHarmony, which sends public events containing personal data without proper permission settings. This allows...
PT-2022-36507 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.267 Description: A memory leak issue was discovered in the query regdb file function related to cfg80211, a Linux kernel module for wireless networking. The actual impact and attack plausibility have not y...
CVE-2022-45118
OpenHarmony OpenHarmony-v3.1.2 and earlier versions are affected by CVE-2022-45118. The vulnerability lies in the telephony component of the communication subsystem, which fires public events containing personal data without proper permissions. Malicious apps could listen to these public events a...
CVE-2022-41802
OpenHarmony kernel_liteos_a (OpenHarmony v3.1.4 and earlier) is affected by a kernel stack overflow when SysClockGetres is called. The issue leaks 4 bytes of padding data from the kernel stack to user space. The vulnerability is documented across multiple sources with affected versions and relate...
PT-2024-11850 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a race condition on the per-CQ variable napi work done in the Linux kernel's net component. After calling napi complete done, another CPU can start the napi...
CVE-2022-4269
A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred"), a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a...
CVE-2022-4269
CVE-2022-4269: Linux kernel Traffic Control (TC) vulnerability. When using the mirred action to redirect egress to ingress, a local unprivileged user may trigger a CPU soft lockup (ABBA deadlock) during TCP/SCTP retransmission, causing denial of service. Affected: Linux kernel TC subsystem. Root...
USN-5758-1 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2022-427...
CVE-2022-45869
A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled...
The vulnerability of the Windows Win32 Kernel Subsystem, which allows a hacker to increase their privileges
The vulnerability of the Windows Win32 Kernel Subsystem in the operating system is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to enhance their privileges...
Slackware Linux 15.0 kernel-generic Multiple Vulnerabilities (SSA:2022-333-01)
The version of kernel-generic installed on the remote host is prior to 5.15.80 / 5.15.80smp. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-333-01 advisory. New kernel packages are available for Slackware 15.0 to fix security issues. Tenable has extracted the...
CVE-2022-45885
A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the DVB core device driver. It could occur in the dvbfrontend function when closing the device node of dvbfrontend if the device is disconnected. A local user could use this flaw to crash the...