This could occur when using the ERM or MCU reports and obtaining error code 1206 ( Reports through HID might not be properly converted from the IN report to the OUT report. As a result, an attacker in the system could make copies of these reports and issue them to trigger the error. This issue could potentially be exploited through malicious USB devices. This issue has been fixed by adding an additional check in the code that converts an IN report to an OUT report. It is recommended that users apply the following update.
CVE-2019-3810 The Linux kernel before 5.16.9, when KVM is enabled, allows a user with access to a guest kernel to corrupt the host stack and bypass intended Supervisor Mode Access Prevention (SMAP) restrictions. This issue has been fixed by finding a way to limit the amount of information that the SMAP implementation can access when checking if a LAX SMAP mode access is prevented or not.
CVE-2019-3689 The ext4_dio_poll function in fs/ext4/inode.c in the Linux kernel before 5.5 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an ext4 filesystem with an ext4_dio_oper_mode set to 2 and an ext4_directory_i_block_t set to 0.
CVE-2019-3688 The ext4_dio_oper_mode function in
^
*inode.c: ext4_dio_oper_mode
This vulnerability allows a user with access to the Linux kernel to corrupt the host stack and bypass intended Supervisor Mode Access Prevention (SMAP) restrictions. This issue has been fixed by limiting the information that can be accessed when checking if a LAX SMAP mode access is prevented or not.
Timeline
Published on: 03/28/2022 04:15:00 UTC
Last modified on: 04/05/2022 13:08:00 UTC
References
- https://www.openwall.com/lists/oss-security/2022/03/13/1
- https://github.com/torvalds/linux/commit/817b8b9c5396d2b2d92311b46719aad5d3339dbe
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.11
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=817b8b9c5396d2b2d92311b46719aad5d3339dbe
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27950