MontaVista CVE List and Response

MontaVista continually monitors the security community and customers for threats. We follow the community's CVE scoring (NVD) and set fix priority accordingly for affected products. The CVEs listed below have been remediated or are in process; click a CVE year on the left or use the CVE filters to narrow the list.

For inquiries into CVEs at MontaVista, please send email to security@mvista.com.

Each entry gives the CVE, its NVD score and MontaVista severity, the affected package, the description, the publication date, and the remediation status per product.

CVE-2022-30065
Score: 6.2 (severity: normal)
Package: busybox
Published: 2022-05-18
Description: A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.
Product status:
  CGX 4.0: Under Investigation
  Hammer Flexi: Under Investigation
  CGX 3.1: Under Investigation
  CGX 2.6: Under Investigation
  CGX 2.4: Under Investigation
  CGX 2.2: Under Investigation

CVE-2022-1116
Score: 7.8 (severity: serious)
Package: kernel
Published: 2022-05-17
Description: An integer overflow or wraparound vulnerability in io_uring in the Linux kernel allows a local attacker to cause memory corruption and escalate privileges to root. This issue affects Linux kernel versions prior to 5.4.189; version 5.4.24 and later versions.
Product status:
  CGX 4.0: Under Investigation
  Hammer Flexi: Not Affected
  Rocky 8.4: Not Affected
  Centos 8.3: Not Affected
  Centos 7.9: Not Affected
  CGX 3.1: Under Investigation
  Centos 8.1: Not Affected
  Centos 7.8: Not Affected
  Centos 7.7: Not Affected
  CGX 2.6: Under Investigation
  Centos 7.6: Not Affected
  Centos 6.10: Not Affected
  Centos 7.5: Not Affected
  CGX 2.4: Not Affected
  CGX 2.2: Not Affected

CVE-2022-1419
Score: 6.7 (severity: normal)
Package: kernel
Published: 2022-05-17
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Product status:
  CGX 2.4: Fixed
  CGX 2.2: Under Investigation
  Hammer Flexi: Under Investigation
  Rocky 8.4: Under Investigation
  Centos 8.3: Under Investigation
  Centos 7.9: Under Investigation
  CGX 3.1: Under Investigation
  Centos 8.1: Under Investigation
  Centos 7.8: Under Investigation
  Centos 7.7: Under Investigation
  CGX 2.6: Won't Fix
  Centos 7.6: Under Investigation
  Centos 6.10: Under Investigation
  Centos 7.5: Under Investigation

CVE-2022-1586
Score: 8.1 (severity: serious)
Package: libpcre
Published: 2022-05-16
Description: An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a Unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
Product status:
  CGX 3.1: Under Investigation
  CGX 2.6: Under Investigation
  CGX 2.4: Under Investigation
  CGX 2.2: Under Investigation

CVE-2022-1587
Score: 8.1 (severity: serious)
Package: libpcre
Published: 2022-05-16
Description: An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
Product status:
  CGX 3.1: Under Investigation
  CGX 2.6: Under Investigation
  CGX 2.4: Under Investigation
  CGX 2.2: Under Investigation

CVE-2022-1679
Score: 7.0 (severity: serious)
Package: kernel
Published: 2022-05-16
Description: A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Product status:
  Hammer Flexi: Under Investigation
  Rocky 8.4: Under Investigation
  Centos 8.3: Under Investigation
  Centos 7.9: Under Investigation
  CGX 3.1: Under Investigation
  Centos 8.1: Under Investigation
  Centos 7.8: Under Investigation
  Centos 7.7: Under Investigation
  CGX 2.6: Under Investigation
  Centos 7.6: Under Investigation
  Centos 6.10: Under Investigation
  Centos 7.5: Under Investigation
  CGX 2.4: Under Investigation
  CGX 2.2: Under Investigation

CVE-2022-1674
Score: 5.5 (severity: normal)
Package: vim
Published: 2022-05-12
Description: A NULL pointer dereference in function vim_regexec_string at regexp.c:2733 in the GitHub repository vim/vim prior to 8.2.4938 allows attackers to cause a denial of service (application crash) via a crafted input.
Product status:
  Hammer Flexi: Under Investigation
  Rocky 8.4: Under Investigation
  Centos 8.3: Under Investigation
  Centos 7.9: Under Investigation
  CGX 3.1: Under Investigation
  Centos 8.1: Under Investigation
  Centos 7.8: Under Investigation
  Centos 7.7: Under Investigation
  Centos 7.6: Under Investigation
  Centos 6.10: Under Investigation
  Centos 7.5: Under Investigation
  CGX 2.4: Under Investigation
  CGX 2.2: Under Investigation

CVE-2022-30594
Score: 7.1 (severity: serious)
Package: kernel
Published: 2022-05-11
Description: The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
Product status:
  CGX 2.4: Fixed
  CGX 2.2: Fixed
  Hammer Flexi: Under Investigation
  Rocky 8.4: Under Investigation
  Centos 8.3: Under Investigation
  Centos 7.9: Under Investigation
  CGX 3.1: Fixed
  Centos 8.1: Under Investigation
  Centos 7.8: Under Investigation
  Centos 7.7: Under Investigation
  CGX 2.6: Fixed
  Centos 7.6: Under Investigation
  Centos 6.10: Under Investigation
  Centos 7.5: Under Investigation

CVE-2021-3611
Score: 7.1 (severity: serious)
Package: qemu
Published: 2022-05-11
Description: A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
Product status:
  CGX 2.2: Not Affected
  Hammer Flexi: Not Affected
  CGX 3.1: Not Affected
  CGX 2.4: Not Affected