CVE-2022-26966 An issue was discovered in the Linux kernel before 5.16.12

The issue exists due to incorrect calculation of data lengths for an endpoint descriptor. An attacker can exploit this to determine the length of buffers in memory. An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. The issue exists due to incorrect calculation of data lengths for an endpoint descriptor. An attacker can exploit this to determine the length of buffers in memory. An issue was discovered in the Linux kernel before 5.16.12. KVM/svm.c mishandles certain reports with VMX/VMCB instructions combinations within the virtual address space. An attacker can exploit this to cause a denial of service (memory corruption and/or panic). An issue was discovered in the Linux kernel before 5.16.12. KVM/svm.c mishandles certain reports with VMX/VMCB instructions combinations within the virtual address space. An attacker can exploit this to cause a denial of service (memory corruption and/or panic). An issue was discovered in the Linux kernel before 5.16.12. KVM/svm.c mishandles certain reports with VMX/VMCB instructions combinations within the virtual address space. An attacker can exploit this to cause a denial of service (memory corruption and/or panic). An issue was discovered in the Linux kernel before 5.16.12. KVM/s

SUMMARY

If you're using Linux, you may want to disable a certain feature.
The issue exists due to incorrect calculation of data lengths for an endpoint descriptor. An attacker can exploit this to determine the length of buffers in memory.
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. The issue exists due to incorrect calculation of data lengths for an endpoint descriptor. An attacker can exploit this to determine the length of buffers in memory.

Technical Description

The issue exists due to incorrect calculation of data lengths for an endpoint descriptor. An attacker can exploit this to determine the length of buffers in memory.
An issue was discovered in the Linux kernel before 5.16.12. KVM/svm.c mishandles certain reports with VMX/VMCB instructions combinations within the virtual address space. An attacker can exploit this to cause a denial of service (memory corruption and/or panic).

Timeline

Published on: 03/12/2022 22:15:00 UTC
Last modified on: 07/01/2022 14:15:00 UTC

References

• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e9da0b56fe27206b49f39805f7dcda8a89379062
• https://security.netapp.com/advisory/ntap-20220419-0001/
• https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26966