A heap-based buffer overflow in the way the Network Socket creation was handled by the Linux kernel was fixed in version 4.14. There was a bug in the code that does not properly handle socket creation attempts for non-AF_INET6 sockets. An unprivileged local user could use this flaw to create a socket via a crafted application. An attacker could also downgrade the socket (or cause another process to downgrade it) to an unprivileged mode via a crafted application to have a syscall entrance. An unprivileged local user could use this flaw to create a socket via a crafted application. An attacker could also downgrade the socket (or cause another process to downgrade it) to an unprivileged mode via a crafted application to have a syscall entrance. An information leak flaw was found in the way the Linux kernel's task sequelec
An information leak flaw was found in the way the Linux kernel's task scheduler handled scheduling of NOOP instructions within the task’s interrupt handler. A privileged user could use this flaw to leak kernel task data.
An information leak flaw was found in the way the Linux kernel’s vhost driver (vhost/vhost) handled invalid IOCTL requests with invalid INQU. An unprivileged user inside virtual machine could use this flaw to leak host memory.
A race condition flaw was found in the way IPv6 routing updates were handled. A local user on a machine with
An information leak flaw was found in the Linux kernel's netfilter architecture
An information leak flaw was found in the Linux kernel’s netfilter architecture. A local user on a machine with netfilter enabled, could use this flaw to leak kernel task data.
An information leak flaw was found in the Linux kernel's Bluetooth stack
An information leak flaw was found in the Linux kernel's Bluetooth stack. It could allow an attacker to leak kernel memory.
Multiple memory leaks were found in the Linux kernel. An unprivileged local user could use these flaws to cause a denial of service (memory consumption).
A heap-based buffer overflow was found in the way the Linux kernel handled HID report descriptor senders. An attacker with access to a /dev/hidraw file on the system could possibly use this flaw to crash the system or execute arbitrary code.
A race condition flaw was found in libusb 1.0. A privileged user inside guest could use this flaw to crash host by sending specially crafted packets, resulting in host memory corruption and application crash.
Base of Operations for Software Companies
Many software companies base their operations out of the United States. This is because the U.S. is one of the easiest countries to establish a corporation in, while being one of the most expensive countries to operate in. While operating from within the U.S., companies do not have to pay taxes on income generated from outside of it, which can be a significant cost savings for some software companies.
Timeline
Published on: 02/11/2022 18:15:00 UTC
Last modified on: 03/29/2022 16:08:00 UTC
References
- https://github.com/Crusaders-of-Rust/CVE-2022-0185
- https://www.openwall.com/lists/oss-security/2022/01/18/7
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=722d94847de2
- https://www.willsroot.io/2022/01/cve-2022-0185.html
- https://security.netapp.com/advisory/ntap-20220225-0003/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0185