David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2602)
Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2318)
Hao Sun and Jiacheng Xu discovered that the NILFS file system implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2978)
Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2022-3028)
Xingyuan Mo and Gengjia Chen discovered that the Promise SuperTrak EX storage controller driver in the Linux kernel did not properly handle certain structures. A local attacker could potentially use this to expose sensitive information (kernel memory). (CVE-2022-40768)
Sönke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41674)
Sönke Huster discovered that a use-after-free vulnerability existed in the WiFi driver stack in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42719)
Sönke Huster discovered that the WiFi driver stack in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42720)
Sönke Huster discovered that the WiFi driver stack in the Linux kernel did not properly handle BSSID/SSID lists in some situations. A physically proximate attacker could use this to cause a denial of service (infinite loop). (CVE-2022-42721)
Sönke Huster discovered that the WiFi driver stack in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2022-42722)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "5.17.0-1020.21", "binary_name": "linux-buildinfo-5.17.0-1020-oem" }, { "binary_version": "5.17.0-1020.21", "binary_name": "linux-headers-5.17.0-1020-oem" }, { "binary_version": "5.17.0-1020.21", "binary_name": "linux-image-unsigned-5.17.0-1020-oem" }, { "binary_version": "5.17.0-1020.21", "binary_name": "linux-image-unsigned-5.17.0-1020-oem-dbgsym" }, { "binary_version": "5.17.0-1020.21", "binary_name": "linux-modules-5.17.0-1020-oem" }, { "binary_version": "5.17.0-1020.21", "binary_name": "linux-modules-iwlwifi-5.17.0-1020-oem" }, { "binary_version": "5.17.0-1020.21", "binary_name": "linux-oem-5.17-headers-5.17.0-1020" }, { "binary_version": "5.17.0-1020.21", "binary_name": "linux-oem-5.17-tools-5.17.0-1020" }, { "binary_version": "5.17.0-1020.21", "binary_name": "linux-oem-5.17-tools-host" }, { "binary_version": "5.17.0-1020.21", "binary_name": "linux-tools-5.17.0-1020-oem" } ] }