MontaVista CVE List and Response

MontaVista continually monitors the security community and customers for threats. We follow the community's CVE scoring (NVD) and set fix priority accordingly for affected products. Please view the following CVEs, which have been remediated or are in process, by clicking the CVE year to the left or using the CVE filters below.

For inquiries regarding security vulnerabilities, please see our Vulnerability Response Policy or email our PSIRT team at security@mvista.com. Email messages and attachments can be encrypted using PGP and the MontaVista PSIRT PGP key, which is available for download here.

Each entry lists the CVE, its NVD score, severity, affected package and publication date, followed by the per-product fix status and the CVE description.

CVE-2015-9999 | Score 4.0 | Published 2023-02-04
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

CVE-2017-100010 | Score 5.4 | Severity normal | Package curl | Published 2023-02-04
Product status: CGE 7.0 Released; CGX 2.0 Released; CGE 6.0 Won't Fix; MVL 6.0 Won't Fix; CGX 2.2 Released
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

CVE-2017-100036 | Score 7.4 | Package glibc | Published 2023-02-04
Product status: CGX 2.0 Fixed; MVL 6.0 Won't Fix; CGE 6.0 Released; CGX 1.8 Won't Fix; CGE 7.0 Released; CGX 2.2 Released
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

CVE-2022-4139 | Score 7.0 | Severity serious | Package kernel | Published 2023-01-27
Product status: CGX 2.4 Not Affected; Centos 7.9 Not Affected; CGX 3.1 Not Affected
Description: An incorrect TLB flush issue was found in the Linux kernel's GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.

CVE-2022-3424 | Score 7.0 | Severity serious | Package kernel | Published 2023-01-19
Product status: Centos 7.9 Under Investigation; CGX 3.1 Under Investigation; CGX 2.4 Under Investigation
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

CVE-2022-47929 | Score 5.5 | Severity normal | Package kernel | Published 2023-01-17
Product status: Centos 7.9 Under Investigation; CGX 3.1 Under Investigation; CGX 2.4 Under Investigation
Description: In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c.

CVE-2023-0122 | Score 7.5 | Severity serious | Package kernel | Published 2023-01-17
Product status: Centos 7.9 Not Affected; CGX 3.1 Not Affected; CGX 2.4 Not Affected
Description: A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a pre-authentication denial of service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4.

CVE-2022-36760 | Score 9.8 | Severity critical | Package apache | Published 2023-01-17
Product status: Rocky 8.5 Under Investigation; Centos 7.9 Fixed; CGX 3.1 Under Investigation; Centos 7.8 Fixed; Centos 7.7 Fixed; Centos 7.6 Fixed; Centos 7.5 Fixed; CGX 2.4 Under Investigation; CGX 2.0 Under Investigation; CGE 7.0 Fixed
Description: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.54 and prior versions.

CVE-2022-37436 | Score 5.3 | Severity normal | Package apache | Published 2023-01-17
Product status: Centos 7.9 Under Investigation; CGX 3.1 Under Investigation; CGX 2.4 Under Investigation
Description: Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

CVE-2022-41858 | Score 7.1 | Severity serious | Package kernel | Published 2023-01-17
Product status: Centos 7.9 Under Investigation; CGX 3.1 Under Investigation; CGX 2.4 Under Investigation
Description: A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a SLIP driver is being detached, in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.