[Git][security-tracker-team/security-tracker][master] various Linux exploit references

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Oct 29 22:56:19 BST 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
48b2b005 by Moritz Muehlenhoff at 2022-10-29T23:56:04+02:00
various Linux exploit references

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -36114,6 +36114,7 @@ CVE-2022-1786 (A use-after-free flaw was found in the Linux kernel’s io_ur
 	[stretch] - linux <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/24/4
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/28/1
+	NOTE: https://blog.kylebot.net/2022/10/16/CVE-2022-1786/
 CVE-2022-1785 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. ...)
 	- vim 2:9.0.0135-1 (bug #1015984)
 	[bullseye] - vim <no-dsa> (Minor issue)
@@ -46226,6 +46227,7 @@ CVE-2022-1043 (A flaw was found in the Linux kernel’s io_uring implementat
 	[stretch] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997328
 	NOTE: https://git.kernel.org/linus/a30f895ad3239f45012e860d4f94c1a388b36d14 (5.14-rc7)
+	NOTE: https://github.com/opensrcsec/same_type_object_reuse_exploits/blob/main/cve-2022-1043.c
 CVE-2022-1042 (In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerabili ...)
 	NOT-FOR-US: Zyphyr
 CVE-2022-1041 (In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerabili ...)
@@ -61112,6 +61114,8 @@ CVE-2022-22942 [drm/vmwgfx: Fix stale file descriptors on failed usercopy]
 	NOTE: https://www.openwall.com/lists/oss-security/2022/01/27/4
 	NOTE: https://www.openwall.com/lists/oss-security/2022/02/03/1
 	NOTE: Fixed by: https://git.kernel.org/linus/a0f90c8815706981c483a652a6aefca51a5e191c
+	NOTE: https://github.com/opensrcsec/same_type_object_reuse_exploits/blob/main/cve-2022-22942-dc.c
+	NOTE: https://github.com/opensrcsec/same_type_object_reuse_exploits/blob/main/cve-2022-22942.c
 CVE-2022-22941 (An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ...)
 	- salt 3004.1+dfsg-1 (bug #1008945)
 	NOTE: https://saltproject.io/security_announcements/salt-security-advisory-release/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48b2b0058fd5b880f574d53d96436c9de7b817da

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48b2b0058fd5b880f574d53d96436c9de7b817da
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221029/1347caba/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list