Page 22 of 226 results (0.013 seconds)

CVSS: 4.9EPSS: 0%CPEs: 16EXPL: 0

An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur. Se ha descubierto un problema en drivers/usb/gadget/composite.c en el kernel de Linux anterior a la versión 5.16.10. El subsistema USB Gadget carece de cierta validación de las solicitudes de descriptor del SO de la interfaz (las que tienen un índice de matriz grande y las asociadas a la recuperación de punteros de función NULL). • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10 https://github.com/szymonh/d-os-descriptor https://github.com/torvalds/linux/commit/75e5b4849b81e19e9efe1654b30d7f3151c33c2c https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCW2KZYJ2H6BKZE3CVLHRIXYDGNYYC5P https://security.netapp.com/advisory/ntap-20221028-0007 https:/ • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0

drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. el archivo drivers/usb/gadget/legacy/inode.c en el kernel de Linux versiones hasta 5.16.8 maneja inapropiadamente la liberación dev-) buf • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=89f3594d0de58e8a57d92d497dea9fee3d4b9cda https://github.com/torvalds/linux/commit/501e38a5531efbd77d5c73c0ba838a889bfc1d74 https://github.com/torvalds/linux/commit/89f3594d0de58e8a57d92d497dea9fee3d4b9cda https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SUVZA2YVOQJBJTDIDQ5HF5TAU2C6WP6H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject& • CWE-763: Release of Invalid Pointer or Reference •

CVSS: 7.9EPSS: 0%CPEs: 36EXPL: 1

A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se ha encontrado un fallo de uso de memoria previamente liberada en el subsistema Bluetooth del kernel de Linux en la forma en que las llamadas de usuario son conectadas al socket y son desconectadas simultáneamente debido a una condición de carrera. Este fallo permite a un usuario bloquear el sistema o escalar sus privilegios. • https://bugzilla.redhat.com/show_bug.cgi?id=1999544 https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://lore.kernel.org/lkml/20211115165435.133245729%40linuxfoundation.org https://security.netapp.com/advisory/ntap-20220318-0009 https://www.debian.org/security/2022/dsa-5096 https://www.openwall.com/lists/oss-security/2021/09/15/4 https://www.oracle.com/security-alerts/cpujul2022.html https:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 7.0EPSS: 0%CPEs: 31EXPL: 1

A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. Se encontró un fallo de uso de memoria previamente liberada en la función sco_sock_sendmsg() del subsistema HCI del kernel de Linux en la forma en que el usuario llama a ioct UFFDIO_REGISTER o de otra manera desencadena una condición de carrera de la llamada sco_conn_del() junto con la llamada sco_sock_sendmsg() con la página de memoria de fallo controlable esperada. Un usuario local privilegiado podría usar este fallo para bloquear el sistema o escalar sus privilegios en el sistema • https://bugzilla.redhat.com/show_bug.cgi?id=1980646 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/bluetooth/sco.c?h=v5.16&id=99c23da0eed4fd20cae8243f2b51e10e66aa0951 https://github.com/torvalds/linux/commit/99c23da0eed4fd20cae8243f2b51e10e66aa0951 https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://security.netapp.com/advisory/ntap-20220419-0003 https://ubuntu.com/security/CVE-2021- • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 2

kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace. El archivo kernel/ucount.c en el kernel de Linux versiones 5.14 hasta 5.16.4, cuando los espacios de nombres de los usuarios no privilegiados están habilitados, permite un uso de memoria previamente liberada y una escalada de privilegios porque un objeto ucounts puede sobrevivir a su espacio de nombres • https://github.com/meowmeowxw/CVE-2022-24122 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f9d87929d451d3e649699d0f1d74f71f77ad38f5 https://github.com/torvalds/linux/commit/f9d87929d451d3e649699d0f1d74f71f77ad38f5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSR3AI2IQGRKZCHNKF6S25JGDKUEAWWL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVSZKUJAZ2VN6LJ35J2B6YD6BOPQTU3B https://security.netapp.com/advisory/ntap-20220221-0001 htt • CWE-416: Use After Free •