Vuldb Updates

A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. This vulnerability was named CVE-2022-3629. Access to the local network is required for this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c. The manipulation leads to memory leak. This vulnerability is traded as CVE-2022-3633. The attack needs to be approached within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. This vulnerability is handled as CVE-2022-3635. The attack can only be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. This vulnerability is known as CVE-2022-3623. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2022-3625. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Linux Kernel. This affects an unknown part of the component Broadcom Full MAC Wi-Fi Driver. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2022-3628. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. This vulnerability is known as CVE-2022-3594. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2022-3621. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was suspected in Linux Kernel. Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all. Affected code is conditional on BNX2X_STOP_ON_ERROR macro, which is never defined. As such there does not seem to be any security impact unless someone chooses to patch the driver to define BNX2X_STOP_ON_ERROR and triggering the respective code path.

A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. This vulnerability is known as CVE-2022-3545. The attack can only be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. This vulnerability is known as CVE-2022-3564. The attack can only be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. This vulnerability is handled as CVE-2022-3565. The attack needs to be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function sch_sfb of the component Socket Buffer Handler. The manipulation of the argument cb leads to use after free. This vulnerability is handled as CVE-2022-3586. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2022-3435. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. This vulnerability was named CVE-2022-3521. The attack needs to be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. This vulnerability is known as CVE-2022-3524. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was suspected in Linux Kernel. This issue was flagged as a false-positive. Please consult the sources mentioned and consider not using this entry at all. Removing the module is only something a developer would to when e.g. testing out changes, so the module would be reloaded. So this memory leak is minor.

A vulnerability was found in Linux Kernel and classified as problematic. This issue affects the function nvme_dev_ioctl of the component Device Handler. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2022-3169. The attack can only be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Linux Kernel. It has been rated as critical. Affected by this issue is the function Signalfd_poll/binder_poll of the component Notification Handler. The manipulation leads to use after free. This vulnerability is handled as CVE-2022-3176. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in ecki net-tools up to 2.10. It has been classified as critical. Affected is the function get_name of the file interface.c. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-46836. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.