4 matches found
CVE-2022-40768
CVE-2022-40768 affects the Linux kernel (through 5.19.9) where stex_queuecommand_lck does not memset for the PASSTHRU_CMD path, enabling local users to read kernel memory. Affected: drivers/scsi/stex.c in the kernel. Impact: information disclosure from kernel memory; local, low complexity, no use...
CVE-2023-52768
CVE-2023-52768 affects the Linux kernel, specifically the wifi wilc1000 path. The issue arises from a mismatch in allocation size for vmm_table (missing a sizeof(u32) factor), enabling a KASAN slab-out-of-bounds write in wilc_wlan_handle_txq when writing to vmm_table. The connected Astra Linux bu...
CVE-2022-48671
CVE-2022-48671 affects the Linux kernel in the cgroup subsystem: a missing cpus_read_lock() in cgroup_attach_task_all() allowed a deadlock with threadgroup_rwsem, mitigated by adding cpus_read_lock() (aligned with cgroup_procs_write_start()). The issue was observed by syzbot at cpuset_attach() an...
CVE-2022-50323
CVE-2022-50323 (Linux kernel) : The vulnerability stems from skb_append_pagefrags() sensing pfmemalloc status for pages owned by user space, triggering a data race reported by KCSAN in the swap/LRU paths. The fix/mitigation is to stop sensing pfmemalloc status for these pages and to use skb_fill_...