Page 239 of 3035 results (0.019 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=467333af2f7b95eeaa61a5b5369a80063cd971fd https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/fs/ntfs3?id=467333af2f7b95eeaa61a5b5369a80063cd971fd https://security.netapp.com/advisory/ntap-20230413-0006 • CWE-763: Release of Invalid Pointer or Reference •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://bugzilla.redhat.com/show_bug.cgi?id=2157270 https://github.com/torvalds/linux/commit/729eba3355674f2d9524629b73683ba1d1cd3f10 https://security.netapp.com/advisory/ntap-20230413-0010 • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. • https://bugzilla.redhat.com/show_bug.cgi?id=2137979 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz%40163.com https://access.redhat.com/security/cve/CVE-2022-3707 • CWE-415: Double Free CWE-460: Improper Cleanup on Thrown Exception •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.13 https://github.com/torvalds/linux/commit/6b8b42585886c59a008015083282aae434349094 • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17 https://github.com/torvalds/linux/commit/045a31b95509c8f25f5f04ec5e0dec5cd09f2c5f https://security.netapp.com/advisory/ntap-20230331-0004 • CWE-476: NULL Pointer Dereference •