Page 26 of 4202 results (0.012 seconds)

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1

Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562. Shiftfs, un sistema de archivos de apilamiento fuera del árbol incluido en los kernels de Ubuntu Linux, no manejaba apropiadamente los fallos que ocurrían durante la función copy_from_user(). • https://github.com/synacktiv/CVE-2021-3492 http://packetstormsecurity.com/files/162614/Kernel-Live-Patch-Security-Notice-LSN-0077-1.html https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=25c891a949bf918b59cbc6e4932015ba4c35c333 https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=8fee52ab9da87d82bc6de9ebb3480fff9b4d53e6 https://ubuntu.com/security/notices/USN-4917-1 https://www.openwall.com/lists/oss-security/2021/04/16/2 https:&#x • CWE-401: Missing Release of Memory after Effective Lifetime CWE-415: Double Free •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1

The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package. El paquete unity-firefox-extension podría ser engañado para que dejara caer una devolución de llamada C que todavía estaba en uso, que luego Firefox liberaría, causando un bloqueo en Firefox. Esto podría ser alcanzado al agregar una acción al iniciar y actualizar con nuevas devoluciones de llamada hasta que se alcance el límite de frecuencia de libunity-webapps. • https://launchpad.net/bugs/1175691 https://ubuntu.com/USN-2743-3 • CWE-404: Improper Resource Shutdown or Release •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1

The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely. El paquete unity-firefox-extension podría ser engañado para destruir el contexto de las aplicaciones web de Unity, haciendo que Firefox se bloquee. Esto se puede lograr girando el bucle de eventos dentro de la devolución de llamada de inicialización de la aplicación web. • https://launchpad.net/bugs/1175661 https://ubuntu.com/USN-2743-3 • CWE-404: Improper Resource Shutdown or Release •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. El comprobador bpf en el kernel de Linux no manejó apropiadamente el truncamiento del registro de destino mod32 cuando se sabía que el registro de origen era 0. Un atacante local con la habilidad de cargar programas bpf podría usar esta ganancia para lecturas fuera de límites en la memoria del kernel que conllevan a una divulgación de información (memoria del kernel) y, posiblemente, escrituras fuera de límites que podrían conllevar a una ejecución de código. • http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html http://www.openwall.com/lists/oss-security/2021/03/23/2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b00f1b78809 https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://security.netapp.com/advisory/ntap-20210416-0006 https://www.openwall.com/lists&# • CWE-125: Out-of-bounds Read CWE-681: Incorrect Conversion between Numeric Types •

CVSS: 6.0EPSS: 0%CPEs: 9EXPL: 0

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. Se detectó un problema en el kernel de Linux versiones anteriores a 5.11.8. El archivo kernel/bpf/verifier.c presenta un error por un paso (con un subdesbordamiento de enteros resultante) afectando la especulación fuera de límites en la aritmética de punteros, conllevando a ataques de canal lateral que anulan las mitigaciones de Spectre y consiguen información confidencial de la memoria del kernel , también se conoce como CID-10d2bb2e6b1d • http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html http://www.openwall.com/lists/oss-security/2021/03/24/5 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.8 https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/patch/?id=10d2bb2e6b1d8c4576c56a748f697dbeb8388899 https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FB6LUXPEIRLZH • CWE-193: Off-by-one Error •