Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.6
CVSSv2

CVE-2022-26490

Published: 06/03/2022 Updated: 07/11/2023
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Linux

Vulnerability Summary

st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel up to and including 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

fedoraproject fedora 34

fedoraproject fedora 35

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h300e_firmware -

netapp h500e_firmware -

netapp h700e_firmware -

netapp h410s_firmware -

netapp h410c_firmware -

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

Debian Security Advisories: DSA-5173-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2021-4197 Eric Biederman reported that incorrect permission checks in the cgroup process migration implementation can allow a local attacker to escalate privileges CVE-2022-0494 The ...
Debian Security Advisories: DSA-5127-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2021-4197 Eric Biederman reported that incorrect permission checks in the cgroup process migration implementation can allow a local attacker to escalate privileges CVE-2022-0168 A NU ...
Amazon Linux AMI: ALAS-2022-1581
A buffer overflow flaw was found in the Linux kernel's NFC protocol functionality This flaw allows a local user to crash or escalate their privileges on the system (CVE-2022-26490) A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4c and net/ipv6/esp6c This flaw allows a local attacker with a normal user pri ...
Ubuntu Security Notice: USN-5413-1: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5415-1: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5381-1: Linux kernel (OEM) vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5418-1: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5417-1: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5390-1: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5390-2: Linux kernel (Raspberry Pi) vulnerabilities
Several security issues were fixed in the Linux kernel ...
Red Hat:
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/sec in the Linux kernel through 51612 has EVT_TRANSACTION buffer overflows because of untrusted length parameters ...
Arch Linux Issues:
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/sec in the Linux kernel through 51612 has EVT_TRANSACTION buffer overflows because of untrusted length parameters ...
Amazon Linux 2: ALAS2KERNEL-5.4-2022-025
A buffer overflow flaw was found in the Linux kernel's NFC protocol functionality This flaw allows a local user to crash or escalate their privileges on the system (CVE-2022-26490) A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4c and net/ipv6/esp6c This flaw allows a local attacker with a normal user pri ...
Amazon Linux 2: ALAS2KERNEL-5.10-2022-013
A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls This flaw allows a local user to crash or potentially escalate their privileges on the system (CVE-2022-1048) A buffer overflow fl ...
Amazon Linux 2: ALAS2-2022-1774
A buffer overflow flaw was found in the Linux kernel's NFC protocol functionality This flaw allows a local user to crash or escalate their privileges on the system (CVE-2022-26490) A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4c and net/ipv6/esp6c This flaw allows a local attacker with a normal user pri ...

References

CWE-120https://github.com/torvalds/linux/commit/4fbcc1a4cb20fe26ad0225679c536c80f1648221https://security.netapp.com/advisory/ntap-20220429-0004/https://www.debian.org/security/2022/dsa-5127https://lists.debian.org/debian-lts-announce/2022/07/msg00000.htmlhttps://www.debian.org/security/2022/dsa-5173https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BG4J46EMFPDD5QHYXDUI3PJCZQ7HQAZR/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C5AUUDGSDLGYU7SZSK4PFAN22NISQZBT/https://nvd.nist.govhttps://www.debian.org/security/2022/dsa-5173https://ubuntu.com/security/notices/USN-5413-1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook