Page 237 of 2751 results (0.016 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access. Se informó y solucionó una vulnerabilidad de acceso fuera de los límites que involucraba a netfilter como: f1082dd31fe4 (netfilter: nf_tables: Rechazar tablas de familia no admitida); Al crear una nueva tabla netfilter, la falta de protección contra valores no válidos de la familia nf_tables (pf) dentro de la función `nf_tables_newtable` permite a un atacante lograr un acceso fuera de los límites. An out-of-bounds access vulnerability was found in the Linux Kernel. This issue occurs during the creation of a new netfilter table. The absence of safeguards in the nf_tables_newtable function against invalid nf_tables family (pf) values allows attackers to achieve unauthorized access. • http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html http://www.openwall.com/lists/oss-security/2024/01/12/1 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040 https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html https://www.openwall.com/lists/oss-security/2024/01/12/1 https://access.redhat.com/security/cve/CVE-2023-6040 https://bugzilla& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap. Se descubrió un problema en drivers/input/input.c en el kernel de Linux anterior a la versión 5.17.10. Un atacante puede provocar una denegación de servicio (pánico) porque input_set_capability maneja mal la situación en la que un código de evento queda fuera de un mapa de bits. A vulnerability was found in drivers/input/input.c in the Linux Kernel, where the input_set_capability() function mishandles scenarios where an event code is outside the bitmap. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.10 https://github.com/torvalds/linux/commit/409353cbe9fe48f6bc196114c442b1cff05a39bc https://access.redhat.com/security/cve/CVE-2022-48619 https://bugzilla.redhat.com/show_bug.cgi?id=2258012 • CWE-400: Uncontrolled Resource Consumption CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. Se encontró una vulnerabilidad en vhost_new_msg en drivers/vhost/vhost.c en el kernel de Linux, que no inicializa correctamente la memoria en los mensajes pasados entre los invitados virtuales y el sistema operativo host en la función vhost/vhost.c:vhost_new_msg(). Este problema puede permitir a los usuarios locales privilegiados leer algunos contenidos de la memoria del kernel cuando leen desde el archivo del dispositivo /dev/vhost-net. • https://access.redhat.com/errata/RHSA-2024:3618 https://access.redhat.com/errata/RHSA-2024:3627 https://access.redhat.com/security/cve/CVE-2024-0340 https://bugzilla.redhat.com/show_bug.cgi?id=2257406 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html https://lore.kernel.org/lkml/5kn47peabxjrptkqa6dwtyus35ahf4pcj4qm4pumse33kxqpjw@mec4se5relrc/T • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow. Se encontró un problema de pérdida de memoria en ctnetlink_create_conntrack en net/netfilter/nf_conntrack_netlink.c en el kernel de Linux. Este problema puede permitir que un atacante local con privilegios CAP_NET_ADMIN provoque un ataque de denegación de servicio (DoS) debido a un desbordamiento de recuento. • https://access.redhat.com/errata/RHSA-2024:0723 https://access.redhat.com/errata/RHSA-2024:0725 https://access.redhat.com/errata/RHSA-2024:1188 https://access.redhat.com/errata/RHSA-2024:1250 https://access.redhat.com/errata/RHSA-2024:1306 https://access.redhat.com/errata/RHSA-2024:1367 https://access.redhat.com/errata/RHSA-2024:1382 https://access.redhat.com/errata/RHSA-2024:1404 https://access.redhat.com/errata/RHSA-2024:2006 https://access.redhat.com/errata/RHSA • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0

A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on. Se encontró una falla de use-after-free en el kernel de Linux debido a un problema de ejecución en la eliminación de ejecución de SKB por parte del recolector de basura de Unix con unix_stream_read_generic() en el socket en el que el SKB está en cola. Linux suffers from an io_uring use-after-free vulnerability due to broken unix GC interaction. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/security/cve/CVE-2023-6531 https://bugzilla.redhat.com/show_bug.cgi?id=2253034 https://lore.kernel.org/all/c716c88321939156909cfa1bd8b0faaf1c804103.1701868795.git.asml.silence@gmail.com • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •