MontaVista continually monitors the security community and customers for threats. We follow the community on CVE scoring (NVD) and set fix priority accordingly for affected products. Please view the following CVEs that have been remediated or are in process by clicking the CVE Year to the left or by using the CVE Filters below.
For inquiries into CVEs at MontaVista, please send an email to security@mvista.com.
CVE | Score | Severity | Package | Description | Published
---|---|---|---|---|---
CVE-2022-30065 | 6.2 | normal | busybox | A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. | 2022-05-18
CVE-2022-1116 | 7.8 | serious | kernel | Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions. | 2022-05-17
CVE-2022-1419 | 6.7 | normal | kernel | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | 2022-05-17
CVE-2022-1586 | 8.1 | serious | libpcre | An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. | 2022-05-16
CVE-2022-1587 | 8.1 | serious | libpcre | An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. | 2022-05-16
CVE-2022-1679 | 7.0 | serious | kernel | A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. | 2022-05-16
CVE-2022-1674 | 5.5 | normal | vim | NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. | 2022-05-12
CVE-2022-30594 | 7.1 | serious | kernel | The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. | 2022-05-11
CVE-2021-3611 | 7.1 | serious | qemu | A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0. | 2022-05-11