MontaVista CVE List and Response

MontaVista continually monitors the security community and its customers for threats. We follow the community's CVE scoring (NVD) and set fix priority for affected products accordingly. The CVEs listed below have been remediated or are in process; filter them by CVE year or by the other fields shown.

For inquiries into CVEs at MontaVista, please send email to security@mvista.com

Each entry lists: CVE, Score (NVD CVSS), Severity, Package, Description, Published date, and the fix status per MontaVista product.

CVE-2015-9999
  Score: 4.0
  Severity: (not listed)
  Package: (not listed)
  Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
  Published: 2022-10-01
  Product status: (none listed)

CVE-2017-100010
  Score: 5.4
  Severity: normal
  Package: curl
  Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
  Published: 2022-10-01
  Product status:
    CGE 7.0: Released
    CGX 2.0: Released
    CGE 6.0: Won't Fix
    MVL 6.0: Won't Fix
    CGX 2.2: Released

CVE-2017-100036
  Score: 7.4
  Severity: (not listed)
  Package: glibc
  Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
  Published: 2022-10-01
  Product status:
    CGX 2.0: Fixed
    MVL 6.0: Won't Fix
    CGE 6.0: Released
    CGX 1.8: Won't Fix
    CGE 7.0: Released
    CGX 2.2: Released

CVE-2022-23816
  Score: 5.6
  Severity: normal
  Package: kernel
  Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
  Published: 2022-10-01
  Product status:
    CentOS 8.3: Under Investigation
    CentOS 7.9: Under Investigation
    CGX 3.1: Under Investigation
    CentOS 8.1: Under Investigation
    CentOS 7.8: Under Investigation
    CentOS 7.7: Under Investigation
    CGX 2.2: Won't Fix
    Rocky 8.5: Under Investigation
    Rocky 8.4: Under Investigation
    CentOS 7.6: Under Investigation
    CentOS 6.10: Under Investigation
    CentOS 7.5: Under Investigation
    CGX 2.4: Under Investigation

CVE-2022-41849
  Score: 4.3
  Severity: normal
  Package: kernel
  Description: drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.
  Published: 2022-09-29
  Product status:
    Rocky 8.5: Under Investigation
    Rocky 8.4: Under Investigation
    CentOS 8.3: Under Investigation
    CentOS 7.9: Under Investigation
    CGX 3.1: Under Investigation
    CentOS 8.1: Under Investigation
    CentOS 7.8: Under Investigation
    CentOS 7.7: Under Investigation
    CentOS 7.6: Under Investigation
    CentOS 6.10: Under Investigation
    CentOS 7.5: Under Investigation
    CGX 2.4: Under Investigation

CVE-2022-41850
  Score: 4.3
  Severity: normal
  Package: kernel
  Description: roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.
  Published: 2022-09-29
  Product status:
    Rocky 8.5: Under Investigation
    Rocky 8.4: Under Investigation
    CentOS 8.3: Under Investigation
    CentOS 7.9: Under Investigation
    CGX 3.1: Under Investigation
    CentOS 8.1: Under Investigation
    CentOS 7.8: Under Investigation
    CentOS 7.7: Under Investigation
    CentOS 7.6: Under Investigation
    CentOS 6.10: Under Investigation
    CentOS 7.5: Under Investigation
    CGX 2.4: Under Investigation

CVE-2022-41848
  Score: 4.3
  Severity: normal
  Package: kernel
  Description: drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.
  Published: 2022-09-29
  Product status:
    Rocky 8.5: Under Investigation
    Rocky 8.4: Under Investigation
    CentOS 8.3: Under Investigation
    CentOS 7.9: Under Investigation
    CGX 3.1: Under Investigation
    CentOS 8.1: Under Investigation
    CentOS 7.8: Under Investigation
    CentOS 7.7: Under Investigation
    CentOS 7.6: Under Investigation
    CentOS 6.10: Under Investigation
    CentOS 7.5: Under Investigation
    CGX 2.4: Under Investigation

CVE-2022-3352
  Score: 6.6
  Severity: normal
  Package: vim
  Description: Use After Free in GitHub repository vim/vim prior to 9.0.0614.
  Published: 2022-09-29
  Product status:
    Rocky 8.5: Under Investigation
    Rocky 8.4: Under Investigation
    CentOS 8.3: Under Investigation
    CentOS 7.9: Under Investigation
    CGX 3.1: Under Investigation
    CentOS 8.1: Under Investigation
    CentOS 7.8: Under Investigation
    CentOS 7.7: Under Investigation
    CentOS 7.6: Under Investigation
    CentOS 6.10: Under Investigation
    CentOS 7.5: Under Investigation
    CGX 2.4: Under Investigation

CVE-2016-2338
  Score: 4.7
  Severity: normal
  Package: ruby
  Description: An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In the Psych::Emitter start_document function, the heap buffer "head" is allocated based on the length of the tags array. A specially constructed object passed as an element of the tags array can increase the array's size after that allocation and cause a heap overflow.
  Published: 2022-09-28
  Product status:
    Rocky 8.5: Not Affected
    CentOS 7.9: Under Investigation
    CGX 3.1: Not Affected
    CentOS 7.8: Under Investigation
    CentOS 7.7: Under Investigation
    CentOS 7.6: Under Investigation
    CentOS 6.10: Under Investigation
    CentOS 7.5: Under Investigation
    CGX 2.4: Not Affected

CVE-2014-0147
  Score: 7.5
  Severity: serious
  Package: qemu
  Description: In Qemu before 1.6.2, the block drivers for the various disk image formats used by Bochs and for the QCOW version 2 format are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling the update_refcount() routine.
  Published: 2022-09-28
  Product status:
    CGX 3.1: Not Affected
    CGX 2.4: Not Affected