Threat Advisories - NVD Disclosed March 3, 2022

CVE-2022-22947

Spring Cloud Gateway Remote Code Execution Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Organizations using Spring Cloud Gateway face a code injection risk if the Gateway Actuator endpoint is enabled and unsecured. This allows remote attackers to execute arbitrary code on the host, posing a business risk.

NVD published: March 3, 2022 • CISA KEV

CVE advisoryKnown Exploit

CVE-2022-0492

Linux Kernel Privilege Escalation via Cgroups v1 Release Agent

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in the Linux kernel's cgroup v1 release_agent feature allows privilege escalation and bypass of namespace isolation. This requires local, authenticated access and could lead to unauthorized system access if reachable.

NVD published: March 3, 2022 • CISA KEV

CVE advisoryKnown Exploit

CVE-2022-22706

Arm Mali GPU Driver Unauthorized Memory Write

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A flaw in the Arm Mali GPU Kernel Driver allows unauthorized memory writes, potentially impacting system stability and data. This affects specific versions of the Midgard, Bifrost, and Valhall drivers, posing a risk of data manipulation or system compromise for organizations. Organizations should identify affected asse

NVD published: March 3, 2022 • CISA KEV