Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:USN-5630-1
HistorySep 22, 2022 - 4:29 p.m.

linux-raspi-5.4 vulnerabilities

2022-09-2216:29:56
Google
osv.dev
15
linux kernel
raspberry pi
vulnerabilities
framebuffer driver
font size
out-of-bounds write
local attacker
denial of service
arbitrary code
ip implementation
randomization
port offsets
sensitive information
race condition
use-after-free
perf subsystem
device-mapper verity driver
netfilter subsystem
packet truncation
remote attacker

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

AI Score

7.8

Confidence

High

EPSS

0.009

Percentile

82.8%

JSON

It was discovered that the framebuffer driver on the Linux kernel did not
verify size limits when changing font or screen size, leading to an out-of-
bounds write. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-33655)

Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation
in the Linux kernel did not provide sufficient randomization when
calculating port offsets. An attacker could possibly use this to expose
sensitive information. (CVE-2022-1012, CVE-2022-32296)

Norbert Slusarek discovered that a race condition existed in the perf
subsystem in the Linux kernel, resulting in a use-after-free vulnerability.
A privileged local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-1729)

It was discovered that the device-mapper verity (dm-verity) driver in the
Linux kernel did not properly verify targets being loaded into the device-
mapper table. A privileged attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2022-2503)

Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter
subsystem in the Linux kernel did not properly handle rules that truncated
packets below the packet header size. When such rules are in place, a
remote attacker could possibly use this to cause a denial of service
(system crash). (CVE-2022-36946)

Related

openvas 27
osv 24
nessus 39
ubuntu 16
ubuntucve 6
redhatcve 6
ibm 3
redhat 7
cbl_mariner 10
debiancve 6
nvd 6
prion 6
cvelist 6
oraclelinux 6
almalinux 4
cve 6
f5 2
veracode 4
githubexploit 3
rocky 2
fedora 9
cnvd 1
openvas
openvas
Ubuntu: Security Advisory (USN-5660-1)
2022-10-06 00:00:00
Ubuntu: Security Advisory (USN-5647-1)
2022-09-29 00:00:00
Ubuntu: Security Advisory (USN-5639-1)
2022-09-27 00:00:00
osv
osv
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi vulnerabilities
2022-09-21 09:25:51
linux-gcp-5.4 vulnerabilities
2022-10-06 00:21:16
linux-gcp vulnerabilities
2022-09-28 21:02:21
nessus
nessus
Ubuntu 18.04 LTS : Linux kernel (Raspberry Pi) vulnerabilities (USN-5630-1)
2022-09-22 00:00:00
Ubuntu 18.04 LTS : Linux kernel (GCP) vulnerabilities (USN-5660-1)
2022-10-05 00:00:00
Ubuntu 20.04 LTS : Linux kernel (Azure CVM) vulnerabilities (USN-5639-1)
2022-09-26 00:00:00
ubuntu
ubuntu
Linux kernel (Azure CVM) vulnerabilities
2022-09-26 00:00:00
Linux kernel (GCP) vulnerabilities
2022-09-28 00:00:00
Linux kernel (GKE) vulnerabilities
2022-10-04 00:00:00
ubuntucve
ubuntucve
CVE-2022-32296
2022-06-05 00:00:00
CVE-2021-33655
2022-07-18 00:00:00
CVE-2022-2503
2022-08-12 00:00:00
redhatcve
redhatcve
CVE-2022-32296
2022-06-14 14:30:03
CVE-2021-33655
2022-07-21 10:46:26
CVE-2022-2503
2023-03-13 18:13:50
ibm
ibm
Security Bulletin: Multiple Linux Kernel vulnerabilities may affect IBM Elastic Storage System
2022-12-13 13:33:54
Security Bulletin: Vulnerability in Kernel (CVE-2022-1012) affects Power HMC
2023-01-08 16:04:52
Security Bulletin: IBM DataPower Gateway subject to a memory leak in TCP source port generation (CVE-2022-1012)
2022-12-16 18:58:43
redhat
redhat
(RHSA-2022:5636) Important: kernel security and bug fix update
2022-07-19 14:44:22
(RHSA-2022:5249) Important: kernel security and bug fix update
2022-06-28 08:27:25
(RHSA-2022:5267) Important: kernel-rt security and bug fix update
2022-06-28 08:29:41
cbl_mariner
cbl_mariner
CVE-2022-32296 affecting package kernel for versions less than 5.15.48.1-2
2022-07-01 21:02:42
CVE-2022-32296 affecting package kernel 5.10.123.1-1
2022-08-12 16:45:24
CVE-2021-33655 affecting package kernel for versions less than 5.15.67.1-4
2022-10-05 23:34:27
debiancve
debiancve
CVE-2022-32296
2022-06-05 22:15:08
CVE-2021-33655
2022-07-18 15:15:07
CVE-2022-2503
2022-08-12 11:15:07
nvd
nvd
CVE-2022-32296
2022-06-05 22:15:08
CVE-2021-33655
2022-07-18 15:15:07
CVE-2022-2503
2022-08-12 11:15:07
prion
prion
Double free
2022-06-05 22:15:00
Out-of-bounds
2022-07-18 15:15:00
Code injection
2022-07-27 20:15:00
cvelist
cvelist
CVE-2022-32296
2022-06-05 21:53:54
CVE-2021-33655
2022-07-18 14:45:50
CVE-2022-36946
2022-07-27 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2022-06-30 00:00:00
Unbreakable Enterprise kernel-container security update
2022-05-21 00:00:00
Unbreakable Enterprise kernel security update
2022-05-20 00:00:00
almalinux
almalinux
Important: kernel security and bug fix update
2022-07-01 00:00:00
Important: kernel-rt security and bug fix update
2022-06-28 00:00:00
Important: kernel-rt security and bug fix update
2022-07-13 00:00:00
cve
cve
CVE-2022-32296
2022-06-05 22:15:08
CVE-2021-33655
2022-07-18 15:15:07
CVE-2022-36946
2022-07-27 20:15:08
f5
f5
K45164470 : Linux kernel vulnerability CVE-2022-36946
2022-08-12 00:00:00
K000132933 : Linux kernel vulnerability CVE-2022-1729
2023-03-13 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-09-26 10:34:52
Authentication Bypass
2022-09-26 10:48:14
Memory Leak
2022-07-21 00:43:27
githubexploit
githubexploit
Exploit for CVE-2022-36946
2022-07-28 11:22:13
Exploit for Vulnerability in Linux Linux Kernel
2022-08-02 18:57:19
Exploit for CVE-2022-36946
2022-11-03 09:49:23
rocky
rocky
kernel security, bug fix, and enhancement update
2022-07-13 06:31:31
kernel-rt security and bug fix update
2022-07-13 06:31:32
fedora
fedora
[SECURITY] Fedora 35 Update: kernel-headers-5.17.11-200.fc35
2022-05-28 01:22:58
[SECURITY] Fedora 35 Update: kernel-5.17.11-200.fc35
2022-05-28 01:22:58
[SECURITY] Fedora 36 Update: kernel-tools-5.17.11-300.fc36
2022-05-28 01:16:41
cnvd
cnvd
Linux kernel competition condition issue vulnerability (CNVD-2022-74091)
2022-09-09 00:00:00

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

AI Score

7.8

Confidence

High

EPSS

0.009

Percentile

82.8%

JSON
Related for OSV:USN-5630-1
openvas27osv24nessus39ubuntu16ubuntucve6redhatcve6ibm3redhat7cbl_mariner10debiancve6nvd6prion6cvelist6oraclelinux6almalinux4cve6f52veracode4githubexploit3rocky2fedora9cnvd1