Page 216 of 2873 results (0.010 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-44033

https://notcve.org/view.php?id=CVE-2022-44033

An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach(). Se descubrió un problema en el kernel de Linux hasta la versión 6.0.6. drivers/char/pcmcia/cm4040_cs.c tiene una condición de ejecución y Use-After-Free resultante si un atacante físicamente cercano elimina un dispositivo PCMCIA mientras llama a open(), también conocido como una condición de ejecución entre cm4040_open() y Reader_detach(). • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b12f050c76f090cc6d0aebe0ef76fed79ec3f15 https://lore.kernel.org/lkml/20220915020834.GA110086%40ubuntu https://lore.kernel.org/lkml/20220919040457.GA302681%40ubuntu • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 6.7EPSS: 0%CPEs: 9EXPL: 0

CVE-2022-43750 – kernel: memory corruption in usbmon driver

https://notcve.org/view.php?id=CVE-2022-43750

drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. El archivo drivers/usb/mon/mon_bin.c en usbmon en el kernel de Linux versiones anteriores a 5.19.15 y versiones 6.x anteriores a 6.0.1, permite que un cliente del espacio de usuario corrompa la memoria interna del monitor An out-of-bounds memory write flaw in the Linux kernel’s USB Monitor component was found in how a user with access to the /dev/usbmon can trigger it by an incorrect write to the memory of the usbmon. This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.15 https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a659daf63d16aa883be42f3f34ff84235c302198 https://github.com/torvalds/linux/commit/a659daf63d16aa883be42f3f34ff84235c302198 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://access.redhat.com/security/cve • CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-3344

https://notcve.org/view.php?id=CVE-2022-3344

A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0). Se ha encontrado un fallo en la virtualización anidada AMD (SVM) de KVM. Un huésped L1 malicioso podría fallar a propósito para interceptar el apagado de un huésped anidado cooperativo (L2), posiblemente conllevando a una falla de página y pánico del kernel en el host (L0) • https://bugzilla.redhat.com/show_bug.cgi?id=2130278 https://lore.kernel.org/lkml/20221020093055.224317-5-mlevitsk%40redhat.com/T • CWE-440: Expected Behavior Violation •

CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 1

CVE-2022-3635 – Linux Kernel IPsec idt77252.c tst_timer use after free

https://notcve.org/view.php?id=CVE-2022-3635

A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability. • https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=3f4093e2bf4673f218c0bf17d8362337c400e77b https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://vuldb.com/?id.211934 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.0EPSS: 0%CPEs: 18EXPL: 0

CVE-2022-3649 – Linux Kernel BPF inode.c nilfs_new_inode use after free

https://notcve.org/view.php?id=CVE-2022-3649

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. • https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d325dc6eb763c10f591c239550b8c7e5466a5d09 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://security.netapp.com/advisory/ntap-20230214-0009 https://vuldb.com/?id.211992 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •