BDU:2022-04777

Уязвимость реализации функции ip_check_mc_rcu() компонента Inet Sockets ядра операционных систем Android, позволяющая нарушителю повысить свои привилегии

Severity: HIGH (7.0) Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2022-20141

Published: 2022-09-09

BDU:2022-07354

Уязвимость ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2022-3077

Published: 2022-06-15
Modified: 2024-11-21

CVE-2022-20141

In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel

Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2022-09-09
Modified: 2024-11-21

CVE-2022-3077

A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Version: 2.1.0

Package kernel-image-centos update in sisyphus on 2022-09-27

ALT-PU-2022-2679-1

Closed vulnerabilities

BDU:2022-04777

BDU:2022-07354

CVE-2022-20141

CVE-2022-3077