6.5
CVSSv3

CVE-2022-2308

Published: 01/09/2022 Updated: 13/09/2022
CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2
VMScore: 0

Vulnerability Summary

A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). (CVE-2022-0171) A flaw was found in the Linux kernel in vDPA with VDUSE backend. There were no checks in VDUSE kernel driver to ensure the size of the device config space was in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers did not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. Such memory was not directly propagated to userspace, although under some circumstances it could be printed in the kernel logs. (CVE-2022-2308) A use-after-free flaw was found in the Linux kernel's Unix socket Garbage Collection and io_uring. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2602) Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error. (CVE-2022-3061) An issue exists in the Linux kernel prior to 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. (CVE-2022-39842)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel -

Vendor Advisories

A flaw was found in the Linux kernel The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV) (CVE-2022-0171) A flaw was found in the Linux kernel in vDPA with VDUSE backend ...