Page 238 of 2941 results (0.014 seconds)

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0

A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability. Se encontró un desbordamiento de búfer en la región heap de la memoria en el subsistema LightNVM del kernel de Linux. • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/lightnvm/Kconfig?h=v5.10.114&id=549209caabc89f2877ad5f62d11fca5c052e0e8 https://www.zerodayinitiative.com/advisories/ZDI-22-960 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0

There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. Se presentan vulnerabilidades de uso de memoria previamente liberada causadas por el manejador del temporizador en el archivo net/rose/rose_timer.c de linux que permiten a atacantes bloquear el kernel de linux sin ningún privilegio • https://github.com/torvalds/linux/commit/9cc02ede696272c5271a401e4f27c262359bc2f6 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://security.netapp.com/advisory/ntap-20230120-0001 https://www.debian.org/security/2022/dsa-5191 • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1

A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. Se ha encontrado una vulnerabilidad en la función nft_set_desc_concat_parse() del kernel de Linux. Este fallo permite a un atacante desencadenar un desbordamiento de búfer por medio de la función nft_set_desc_concat_parse() , causando una denegación de servicio y posiblemente una ejecución de código • https://github.com/delsploit/CVE-2022-2078 https://bugzilla.redhat.com/show_bug.cgi?id=2096178 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/nf_tables_api.c?id=fecf31ee395b0295f2d7260aa29946b7605f7c85 https://www.debian.org/security/2022/dsa-5161 https://access.redhat.com/security/cve/CVE-2022-2078 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. Se ha encontrado un fallo de desreferencia de puntero NULL en el módulo KVM del kernel de Linux, que puede conllevar a una denegación de servicio en el archivo x86_emulate_insn en arch/x86/kvm/emulate.c. Este fallo es producido mientras es ejecutada una instrucción ilegal en el huésped en la CPU Intel • https://bugzilla.redhat.com/show_bug.cgi?id=2089815 https://github.com/torvalds/linux/commit/fee060cd52d69c114b62d1a2948ea9648b5131f9 https://access.redhat.com/security/cve/CVE-2022-1852 • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. La función rpmsg_virtio_add_ctrl_dev en el archivo drivers/rpmsg/virtio_rpmsg_bus.c en el kernel de Linux versiones anteriores a 5.18.4, presenta una doble liberación • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.4 https://github.com/torvalds/linux/commit/1680939e9ecf7764fba8689cfb3429c2fe2bb23c • CWE-415: Double Free •