kernel: kernel info leak issue in pfkey_register

A vulnerability was found in the pfkeyregister function in net/key/afkey.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information...

PT-2022-14461 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions affected versions not specified Description: The issue allows userspace to potentially map the kernel area to be writable, which can be easily exploited. This is because the 'remap pfn range' function may map out of size kern...

AZL-10468 CVE-2022-1012 affecting package kernel for versions less than 5.15.67.1-4

A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem...

Google Android Code Execution Vulnerability (CNVD-2022-71983)

Google Android is a Linux-based open source operating system from Google, Inc. A code execution vulnerability exists in Google Android, which is caused by kernel memory size mapping in remappfnrange. An attacker could exploit this vulnerability to execute arbitrary code on the system...

CVE-2022-2652

Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request reproduce e.g. with many %s modifiers in a row...

DEBIAN-CVE-2022-2652

Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request reproduce e.g. with many %s modifiers in a row...

UBUNTU-CVE-2022-2652

Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request reproduce e.g. with many %s modifiers in a row...

CVE-2022-2652 Use of Externally-Controlled Format String in umlaeute/v4l2loopback

Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request reproduce e.g. with many %s modifiers in a row...

PT-2022-17916 · Unknown +3 · V4L2Loopback +3

Name of the Vulnerable Software and Affected Versions: v4l2loopback affected versions not specified Description: The issue allows for potential kernel stack memory leakage due to improperly crafted format strings in the card label. Additionally, there is a possibility of a Denial of Service DoS...

v4l2loopback 格式化字符串错误漏洞

v4l2loopback is a kernel module for creating V4L2 loopback devices by umläute individual developers. A formatting string error vulnerability exists in v4l2loopback, which stems from potentially leaking kernel stack memory based on the way the string is formatted in the card label, as well as...

ASB-A-233972091

'remappfnrange' here may map out of size kernel memory for example, may map the kernel area, and because the 'vma-vmpageprot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploited...

ASB-A-232441339

The PowerVR GPU driver allows unprivileged apps to allocated pinned memory, unpin it which makes it available to be freed, and continue using the page in GPU calls. No privileges required and this results in kernel memory corruption...

USN-5541-1: Linux kernel (Azure) vulnerabilities

Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. CVE-2021-4197 Jann Horn discovered that the FUSE file system i...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-016)

The version of kernel installed on the remote host is prior to 5.10.126-117.518. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-016 advisory. Due to the small table perturb size, a memory leak flaw was found in the Linux kernel's TCP source port...

AlmaLinux 8 : kernel (5316) (ALSA-2022:5316)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:5316 advisory. - A buffer over-read at the framebuffer layer in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory,...

多款Apple产品 缓冲区错误漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A buffer error vulnerability exists in Apple iOS version 15.6 and iPadOS version 15.6, which stems from an application tha...

Apple iOS 和 iPadOS 信息泄露漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. Apple iOS version 15.6 and iPadOS version 15.6 contain an information disclosure vulnerability that originates from an...

Apple iOS 和 iPadOS 缓冲区错误漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A buffer error vulnerability exists in Apple iOS and iPadOS that originates from an application that could cause the syste...

多款Apple产品 缓冲区错误漏洞

Apple iOS and Apple iPadOS are products of Apple Inc.Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for iPad tablets. A buffer error vulnerability exists in Apple iOS prior to 15.6 and iPadOS prior to 15.6, which stems from a boundary condition i...

多款Apple产品 缓冲区错误漏洞

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A buffer error vulnerability exists in Apple iOS and iPadOS, which can be exploited by remote attackers to cause...