Early Access — Mondoo Vulnerability Intelligence is currently in preview.
Brendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device driver in the Linux kernel did not properly validate meta-data coming from the device. A local attacker who can control an emulated device can use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-43975)
It was discovered that the UDF file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious UDF image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2022-0617)
Lyu Tao discovered that the NFS implementation in the Linux kernel did not properly handle requests to open a directory on a regular file. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-24448)
It was discovered that the YAM AX.25 device driver in the Linux kernel did not properly deallocate memory in some error conditions. A local privileged attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2022-24959)
4.15.0-176.1854.15.0-1127.1364.15.0-1137.1504.15.0-1041.464.15.0-1121.1354.15.0-1113.1164.15.0-1092.1014.15.0-1126.1354.15.0-1137.150~14.04.14.15.0-1127.136~16.04.14.15.0-1137.150~16.04.14.15.0-1121.135~16.04.14.15.0-176.185~16.04.14.15.0-1092.101~16.04.1