1.Penguin Landscape

A security investigator has discovered three new code execution flaws in the Linux kernel that might be exploited by a local or external adversary to take control of the vulnerable computers and run arbitrary code.

The roccat_report_event function in drivers/hid/hid-roccat.c has a use-after-free vulnerability identified as CVE-2022-41850 (CVSS score: 8.4). A local attacker might exploit this flaw to run malicious script on the system by submitting a report while copying a report->value . Patch has be released to addresses the Linux Kernel 5.19.12 vulnerability CVE-2022-41850. 

The second flaw tracked as CVE-2022-41848 (CVSS score: 6.8), is also a use-after-free flaw due to a race condition between mgslpc_ioctl and mgslpc_detach in drivers/char/pcmcia/synclink_cs.c. By removing a PCMCIA device while calling ioctl, an attacker could exploit this vulnerability to execute arbitrary code on the system. The bug affects Linux Kernel 5.19.12 and was fixed via //lore.kernel.org/lkml/[email protected]/T/" target="_blank" rel="noreferrer noopener" style="background-color: transparent; outline: 0px; color: rgb(30, 115, 190); text-decoration: none; transition: color 0.3s ease-in 0s, background-color 0.3s linear 0s, border-color 0.3s linear 0s;">this patch.