Lucene search

GoogleOSV:USN-5616-1

HistorySep 16, 2022 - 2:19 p.m.

linux-intel-iotg vulnerabilities

2022-09-1614:19:57

Google

osv.dev

asaf modelevsky

intel 10gbe

ethernet driver

linux kernel

denial of service

cve-2021-33061

moshe kol

amit klein

yossi gilad

ip implementation

randomization

sensitive information

cve-2022-1012

cve-2022-32296

norbert slusarek

race condition

perf subsystem

use-after-free

privilege escalation

system crash

arbitrary code

cve-2022-1729

qiuhao li

gaoning pan

yongkang jia

kvm hypervisor

illegal instruction

null pointer dereference

cve-2022-1852

udf file system

out-of-bounds write

gerald lee

ntfs file system

error conditions

exposure of sensitive information

cve-2022-1973

device-mapper verity

dm-verity driver

privileged attacker

cve-2022-2503

zheyu ma

intel ismt smbus host controller

pipe buffers

privilege escalation

cve-2022-2959

security vulnerabilities

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.7%

JSON

Asaf Modelevsky discovered that the Intel® 10GbE PCI Express (ixgbe)
Ethernet driver for the Linux kernel performed insufficient control flow
management. A local attacker could possibly use this to cause a denial of
service. (CVE-2021-33061)

Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation
in the Linux kernel did not provide sufficient randomization when
calculating port offsets. An attacker could possibly use this to expose
sensitive information. (CVE-2022-1012, CVE-2022-32296)

Norbert Slusarek discovered that a race condition existed in the perf
subsystem in the Linux kernel, resulting in a use-after-free vulnerability.
A privileged local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-1729)

Qiuhao Li, Gaoning Pan, and Yongkang Jia discovered that the KVM hypervisor
implementation in the Linux kernel did not properly handle an illegal
instruction in a guest, resulting in a null pointer dereference. An
attacker in a guest VM could use this to cause a denial of service (system
crash) in the host OS. (CVE-2022-1852)

It was discovered that the UDF file system implementation in the Linux
kernel contained an out-of-bounds write vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-1943)

Gerald Lee discovered that the NTFS file system implementation in the Linux
kernel did not properly handle certain error conditions, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly expose sensitive information.
(CVE-2022-1973)

It was discovered that the device-mapper verity (dm-verity) driver in the
Linux kernel did not properly verify targets being loaded into the device-
mapper table. A privileged attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2022-2503)

Zheyu Ma discovered that the Intel iSMT SMBus host controller driver in the
Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2022-2873)

Selim Enes Karaduman discovered that a race condition existed in the pipe
buffers implementation of the Linux kernel. A local attacker could use this
to cause a denial of service (system crash) or possibly escalate
privileges. (CVE-2022-2959)