Headline
CVE-2022-41218: git/torvalds/linux.git - Linux kernel source tree
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
Age
Commit message (Expand)
Author
Files
Lines
2021-11-19
media: dvb-core: Convert to SPDX identifier
Cai Huoqing
1
-11/+1
2021-11-19
media: dmxdev: fix UAF when dvb_register_device() fails
Wang Hai
1
-3/+15
2021-06-09
media: dmxdev: change the check for problems allocing secfeed
Mauro Carvalho Chehab
1
-1/+1
2019-02-18
media: dvb-core: fix epoll() by calling poll_wait first
Hans Verkuil
1
-4/+4
2018-09-12
media: dvb: dmxdev: move compat_ioctl handling to dmxdev.c
Arnd Bergmann
1
-0/+1
2018-06-12
treewide: Use array_size() in vmalloc()
Kees Cook
1
-1/+2
2018-05-09
media: Revert cleanup ktime_set() usage
Jasmin Jessich
1
-1/+1
2018-02-23
media: dvb: update buffer mmaped flags and frame counter
Mauro Carvalho Chehab
1
-9/+15
2018-02-23
media: dmxdev: Fix the logic that enables DMA mmap support
Mauro Carvalho Chehab
1
-33/+42
2018-02-23
media: dmxdev: fix error code for invalid ioctls
Mauro Carvalho Chehab
1
-1/+1
2018-02-23
media: dvb: fix DVB_MMAP symbol name
Arnd Bergmann
1
-15/+15
2018-02-11
vfs: do bulk POLL* -> EPOLL* replacement
Linus Torvalds
1
-7/+7
2018-02-06
Merge tag ‘media/v4.16-2’ of git://git.kernel.org/pub/scm/linux/kernel/git/mc…
Linus Torvalds
1
-21/+211
2017-12-28
media: move dvb kAPI headers to include/media
Mauro Carvalho Chehab
1
-2/+2
2017-12-28
media: dvb-core: make DVB mmap API optional
Mauro Carvalho Chehab
1
-8/+58
2017-12-28
media: videobuf2: Add new uAPI for DVB streaming I/O
Satendra Singh Thakur
1
-28/+168
2017-11-27
media: annotate ->poll() instances
Al Viro
1
-4/+4
2017-10-31
media: dvb-core: Convert timers to use timer_setup()
Kees Cook
1
-5/+3
2017-09-05
media: get rid of removed DMX_GET_CAPS and DMX_SET_SOURCE leftovers
Mauro Carvalho Chehab
1
-20/+0
2017-09-05
media: dmx.h: split typedefs from structs
Mauro Carvalho Chehab
1
-2/+2
2017-02-03
[media] media: dvb: dmx: fixed coding style issues of spacing
devendra sharma
1
-5/+7
2017-01-27
[media] media: Drop FSF’s postal address from the source code files
Sakari Ailus
1
-4/+0
2016-12-25
ktime: Cleanup ktime_set() usage
Thomas Gleixner
1
-1/+1
2016-12-24
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
Linus Torvalds
1
-1/+1
2016-10-21
[media] dvb-core: get rid of demux optional circular buffer
Mauro Carvalho Chehab
1
-2/+2
2016-10-21
[media] dvb-core: use pr_foo() instead of printk()
Mauro Carvalho Chehab
1
-9/+15
2016-07-08
[media] dvb: use ktime_t for internal timeout
Arnd Bergmann
1
-1/+1
2016-01-11
[media] dvb: modify core to implement interfaces/entities at MC new gen
Mauro Carvalho Chehab
1
-2/+2
2015-10-06
[media] dvb: get rid of enum dmx_success
Mauro Carvalho Chehab
1
-4/+2
2015-10-06
[media] dvb: don’t keep support for undocumented features
Mauro Carvalho Chehab
1
-0/+4
2015-02-26
[media] dvb core: rename the media controller entities
Mauro Carvalho Chehab
1
-2/+2
2015-02-13
[media] dmxdev: add support for demux/dvr nodes at media controller
Mauro Carvalho Chehab
1
-3/+8
2014-09-03
[media] dmxdev: don’t use before checking file->private_data
Mauro Carvalho Chehab
1
-2/+1
2014-09-02
[media] media: check status of dmxdev->exit in poll functions of demux&dvr
Changbing Xiong
1
-1/+5
2014-09-02
[media] media: correct return value in dvb_demux_poll
Changbing Xiong
1
-1/+1
2013-10-24
dmxdev: get rid of pointless clearing ->f_op
Al Viro
1
-4/+0
2013-06-19
[media] media: dmxdev: remove dvb_ringbuffer_flush() on writer side
Soeren Moch
1
-6/+2
2013-04-08
[media] demux.h: Remove duplicated enum
Mauro Carvalho Chehab
1
-1/+1
2013-03-04
[media] mb86a20s: change AGC tuning parameters
Mauro Carvalho Chehab
1
-1/+2
2012-10-28
[media] dmxdev: fix a comparition of unsigned expression warning
Mauro Carvalho Chehab
1
-1/+1
2012-08-13
[media] dvb: move the dvb core one level up
Mauro Carvalho Chehab
1
-0/+1275
Related news
Red Hat Security Advisory 2023-3495-01 - Logging Subsystem 5.7.2 - Red Hat OpenShift. Issues addressed include cross site scripting and denial of service vulnerabilities.
Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Red Hat Security Advisory 2023-3326-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26341: A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches. * CVE-2021-33655: An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to c...
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26341: A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches. * CVE-2021-33655: An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user t...
Ubuntu Security Notice 6030-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6024-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Lin Ma discovered a race condition in the io_uring subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6014-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.
Ubuntu Security Notice 6009-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6001-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.
Ubuntu Security Notice 6000-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 5991-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5987-1 - It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5981-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5982-1 - It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5951-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 5940-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.
The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root.
Ubuntu Security Notice 5939-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 5934-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 5927-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 5924-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 5917-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 5915-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.