Paolo Abeni

3 exploits Active since Mar 2017
CVE-2017-6347 WRITEUP HIGH WRITEUP
Linux Kernel < 4.4.52 - Out-of-Bounds Read
The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission.
CVSS 7.8
CVE-2022-1205 WRITEUP MEDIUM WRITEUP
Linux Kernel < 5.17 - Use After Free
A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.
CVSS 4.7
CVE-2022-4128 WRITEUP MEDIUM WRITEUP
Linux Kernel < 5.18 - NULL Pointer Dereference
A NULL pointer dereference issue was discovered in the Linux kernel in the MPTCP protocol when traversing the subflow list at disconnect time. A local user could use this flaw to potentially crash the system causing a denial of service.
CVSS 5.5