The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-3646 | A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability. | -- | Oct 21, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-3635 | A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. | -- | Oct 21, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-3629 | A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability. | -- | Oct 21, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-3621 | A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920. | -- | Oct 20, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-3594 | A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363. | -- | Oct 20, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-3586 | A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service. | -- | Oct 21, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-3577 | An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigben_probe of drivers/hid/hid-bigbenff.c. The reason is incorrect assumption - bigben devices all have inputs. However, malicious devices can break this assumption, leaking to out-of-bound write. | -- | Oct 20, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-3553 | A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability. | -- | Oct 19, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-3551 | A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052. | -- | Oct 19, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-3550 | A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051. | -- | Oct 19, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-3524 | A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability. | -- | Oct 16, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-3256 | Use After Free in GitHub repository vim/vim prior to 9.0.0530. | -- | Sep 23, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-3239 | A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | -- | Sep 21, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-3234 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. | -- | Sep 17, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-3202 | A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information. | -- | Sep 16, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-3061 | Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn\'t check the value of \'pixclock\', so it may cause a divide by zero error. | -- | Sep 1, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-3028 | A race condition was found in the Linux kernel\'s IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. | -- | Sep 3, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2991 | A heap-based buffer overflow was found in the Linux kernel\'s LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability. | -- | Aug 25, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2980 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. | -- | Aug 27, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2978 | A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | -- | Aug 24, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2977 | A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system. | -- | Sep 17, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2964 | A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. | -- | Aug 28, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2953 | LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8. | -- | Aug 29, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2929 | In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory. | -- | Oct 7, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2928 | In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option\'s refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort. | -- | Oct 7, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2923 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. | -- | Aug 24, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2795 | By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver\'s performance, effectively denying legitimate clients access to the DNS resolution service. | -- | Sep 25, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2663 | An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. | -- | Sep 2, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2601 | A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism. | -- | Nov 17, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2598 | Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. | -- | Aug 5, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2588 | It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. | -- | Aug 10, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2526 | A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in \'resolved-dns-stream.c\' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later. | -- | Aug 22, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2380 | The Linux kernel was found vulnerable out of bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. The vulnerability could result in local attackers being able to crash the kernel. | -- | Jul 14, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2345 | Use After Free in GitHub repository vim/vim prior to 9.0.0046. | MEDIUM | Jul 8, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2320 | A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root. | -- | Jul 13, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2319 | A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length. | -- | Jul 13, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2318 | There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. | MEDIUM | Jul 7, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2309 | NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn\'t be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered. | MEDIUM | Jul 5, 2022 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2022-2289 | Use After Free in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 3, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2286 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 2, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2285 | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 2, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2284 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 2, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2257 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 1, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2206 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | MEDIUM | Jun 26, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2175 | Buffer Over-read in GitHub repository vim/vim prior to 8.2. | MEDIUM | Jun 23, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2153 | A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. | -- | Jun 23, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2125 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | MEDIUM | Jun 19, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2122 | DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. | -- | Jun 20, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2097 | AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn\'t written. In the special case of in place encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). | MEDIUM | Jul 9, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2068 | In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). | HIGH | Jun 21, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
