Aggregator

A vulnerability classified as critical was found in Linux Kernel up to 4.19.266/5.4.224/5.10.154/5.15.78/6.0.8. Affected by this vulnerability is the function tun_get_user of the component net. The manipulation leads to memory leak. This vulnerability is known as CVE-2022-49871. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.4.223/5.10.153/5.15.77/6.0.7. It has been rated as critical. This issue affects some unknown processing of the component netfilter. The manipulation leads to use after free. The identification of this vulnerability is CVE-2022-49919. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.77/6.0.7. It has been declared as problematic. This vulnerability affects the function rcu_barrier of the component netfilter. The manipulation leads to privilege escalation. This vulnerability was named CVE-2022-49920. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.77/6.0.7. It has been classified as critical. This affects the function device_add_disk of the component block. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2022-49902. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.0.7 and classified as problematic. Affected by this issue is the function null_blk.ko. The manipulation leads to allocation of resources. This vulnerability is handled as CVE-2022-49901. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared our findings with Apple and a fix was released for this vulnerability, now identified as CVE-2025-31191. We encourage macOS users to apply security updates as soon as possible.

The post Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape appeared first on Microsoft Security Blog.

Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared our findings with Apple and a fix was released for this vulnerability, now identified as CVE-2025-31191. We encourage macOS users to apply security updates as soon as possible.

The post Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape appeared first on Microsoft Security Blog.

A vulnerability has been found in Linux Kernel up to 5.10.153/5.15.77/6.0.7 and classified as critical. Affected by this vulnerability is the function piix4_remove of the component i2c. The manipulation of the argument piix4_adapter_count leads to memory corruption. This vulnerability is known as CVE-2022-49900. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.10.153/5.15.77/6.0.7. Affected is the function blk_crypto_evict_key of the component fscrypt. The manipulation leads to use after free. This vulnerability is traded as CVE-2022-49899. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel. This issue affects the function __put_super of the component fscrypt. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2022-49897. The attack needs to be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Linux Kernel up to 6.0.7. This vulnerability affects the function cxl_port_attach_region. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2022-49895. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 5.10.153/5.15.77/6.0.7. This affects the function ftrace_shutdown of the file kernel/trace/ftrace.c of the component ftrace. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2022-49892. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.0.7. It has been rated as critical. Affected by this issue is the function red_enqueue of the component net. The manipulation leads to use after free. This vulnerability is handled as CVE-2022-49921. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.77/6.0.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /sbin/ipset of the component netfilter. The manipulation leads to allocation of resources. This vulnerability is known as CVE-2022-49911. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.77/6.0.7. It has been classified as critical. Affected is the function smc_init. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2022-49905. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.0.7 and classified as critical. This issue affects the function devm_cxl_add_region. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2022-49894. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.0.7 and classified as critical. This vulnerability affects the function l2cap_conn_del of the component Bluetooth. The manipulation leads to improper update of reference count. This vulnerability was named CVE-2022-49909. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.15.77/6.0.7. This affects the function tree_mod_log_rewind of the file fs/btrfs/tree-mod-log.c. The manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2022-49898. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.0.7. Affected by this issue is the function rose_send_frame of the component rose. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2022-49916. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 5.15.77/6.0.7. Affected by this vulnerability is an unknown functionality of the component ibmvnic. The manipulation leads to memory leak. This vulnerability is known as CVE-2022-49906. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.