Security Headlines

Tag: #linux
CVE-2022-47946

An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service, because finish_wait can be skipped. The condition can be triggered in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq.

CVE-2022-47943: ksmbd: prevent out of bound read for SMB2_WRITE · torvalds/linux@ac60778

An issue was discovered in ksmbd in the Linux kernel before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE when a large Length is supplied in the zero-DataOffset case.

CVE-2022-47940: ksmbd: validate length in smb2_write() · torvalds/linux@158a66b

An issue was discovered in ksmbd in the Linux kernel before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write.

CVE-2022-47942: ksmbd: fix heap-based overflow in set_ntacl_dacl() · torvalds/linux@8f05411

An issue was discovered in ksmbd in the Linux kernel before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command.

CVE-2022-47941: ksmbd: fix memory leak in smb2_handle_negotiate · torvalds/linux@aa7253c

An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, i.e., a memory leak.

CVE-2022-47939: ksmbd: fix use-after-free bug in smb2_tree_disconect · torvalds/linux@cf6531d

An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT.

CVE-2022-47938

An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT.

CVE-2022-46642: IoTvuln/D-Link dir-846 SetAutoUpgradeInfo command injection vulnerability.md at main · CyberUnicornIoT/IoTvuln

D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function.

OpenTSDB 2.4.0 Command Injection

This Metasploit module exploits an unauthenticated command injection vulnerability in the yrange parameter of OpenTSDB through 2.4.0 (CVE-2020-35476) to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the API. If the version is 2.4.0 or lower, the module performs additional checks to obtain the configured metrics and aggregators. It then randomly selects one metric and one aggregator and uses those to instruct the target server to plot a graph. As part of this request, the yrange parameter is set to the payload, which the target then executes if it is vulnerable. This module has been successfully tested against OpenTSDB version 2.3.0.