June 8, 2022
Severity
Medium
Analysis Summary
CVE-2022-1975 CVSS:6.2
The Linux kernel is vulnerable to a denial of service caused by a sleep-in-atomic-context flaw that occurs when an NFC firmware download times out. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause the system to crash.
CVE-2022-1974 CVSS:6.2
The Linux kernel is vulnerable to a denial of service caused by a use-after-free flaw involving device_is_registered() in the NFC netlink-related functions. By simulating a specially crafted NFC device from user space, a local attacker could exploit this vulnerability to cause the system to crash.
Impact
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2022-1975
- CVE-2022-1974
Affected Vendors
Linux
Affected Products
Linux Kernel
Remediation
Refer to Linux Kernel Security Advisory for patch, upgrade, or suggested workaround information.