Rewterz Threat Advisory – CVE-2022-25375 – Linux Kernel Vulnerability

Severity

Medium

Analysis Summary

CVE-2022-25375

The Linux kernel could allow a local authenticated attacker to obtain sensitive information because the RNDIS USB gadget in drivers/usb/gadget/function/rndis.c does not properly validate the size of the RNDIS_MSG_SET command. By sending specially crafted RNDIS requests, an attacker could exploit this vulnerability to obtain sensitive information from kernel-space memory and use it to launch further attacks against the affected system.
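The size validation this class of bug lacks can be sketched as follows. This is an added example, not the kernel's code or the referenced fix commit: the function names are hypothetical, the field offsets follow the RNDIS SET message layout, and the rule that the payload must start after the fixed header is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* RNDIS SET message: seven little-endian 32-bit fields, then the payload. */
#define SET_HDR_LEN      28u  /* size of the fixed header */
#define OFF_REQUEST_ID    8u  /* InformationBufferOffset is counted from here */
#define OFF_INFO_BUF_LEN 16u  /* InformationBufferLength */
#define OFF_INFO_BUF_OFF 20u  /* InformationBufferOffset */

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 and the payload span only if it lies inside the received bytes. */
int rndis_set_payload(const uint8_t *msg, size_t received,
                      const uint8_t **payload, size_t *payload_len)
{
    if (received < SET_HDR_LEN)
        return -1;
    uint32_t len = get_le32(msg + OFF_INFO_BUF_LEN);
    uint32_t off = get_le32(msg + OFF_INFO_BUF_OFF);
    /* 64-bit sums so sender-chosen 32-bit values cannot wrap around. */
    uint64_t start = (uint64_t)off + OFF_REQUEST_ID;
    uint64_t end = start + len;
    if (start < SET_HDR_LEN || end > received)
        return -1;
    *payload = msg + start;
    *payload_len = len;
    return 0;
}

/* Constructed sample: 32 received bytes with the given length/offset fields. */
int check_sample(uint32_t len, uint32_t off)
{
    uint8_t msg[32] = {0};
    const uint8_t *p;
    size_t n;
    for (int i = 0; i < 4; i++) {
        msg[OFF_INFO_BUF_LEN + i] = (uint8_t)(len >> (8 * i));
        msg[OFF_INFO_BUF_OFF + i] = (uint8_t)(off >> (8 * i));
    }
    return rndis_set_payload(msg, sizeof msg, &p, &n);
}
```

The check rejects any message whose declared length or offset would place the payload outside the bytes actually received, which is the condition that otherwise lets adjacent memory be read.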

Impact

  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2022-25375

Affected Vendors

Linux

Affected Products

  • Linux Kernel 5.16

Remediation

Upgrade to the latest version of Linux Kernel, available from the Linux Kernel GIT Repository.

https://github.com/torvalds/linux/commit/38ea1eac7d88072bbffb630e2b3db83ca649b826