Page 275 of 3624 results (0.044 seconds)

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. El archivo drivers/scsi/stex.c en el kernel de Linux versiones hasta 5.19.9, permite a usuarios locales obtener información confidencial de la memoria del kernel porque stex_queuecommand_lck carece de memset para el caso PASSTHRU_CMD • http://www.openwall.com/lists/oss-security/2022/09/19/1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6022f210461fef67e6e676fd8544ca02d1bcfa7a https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/scsi/stex.c https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY https://lists.fedoraproject.org/archives/list/packa • CWE-908: Use of Uninitialized Resource •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62. A local user could use this flaw to crash the system or potentially cause a denial of service. Se ha detectado un problema de desreferencia de puntero null en el archivo fs/io_uring.c en el kernel de Linux versiones anteriores a 5.15.62. Un usuario local podría usar este fallo para bloquear el sistema o causar potencialmente una denegación de servicio • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/fs/io_uring.c?h=v5.15.61&id=3746d62ecf1c872a520c4866118edccb121c44fd https://lore.kernel.org/lkml/CAO4S-mdVW5GkODk0+vbQexNAAJZopwzFJ9ACvRCJ989fQ4A6Ow%40mail.gmail.com https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.62 • CWE-476: NULL Pointer Dereference •

CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0

A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information. Un fallo de desreferencia de puntero NULL en diFree en el archivo fs/jfs/inode.c en Journaled File System (JFS) en el kernel de Linux. Esto podría permitir a un atacante local bloquear el sistema o filtrar información interna del kernel • https://github.com/torvalds/linux/commit/a53046291020ec41e09181396c1e829287b48d47 https://security.netapp.com/advisory/ntap-20221228-0007 • CWE-476: NULL Pointer Dereference •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system. Se encontró una vulnerabilidad de desbordamiento de búfer en el controlador de host iSMT SMBus del kernel de Linux en la forma en que manejaba el caso I2C_SMBUS_BLOCK_PROC_CALL (por el ioctl I2C_SMBUS) con datos de entrada maliciosos. Este fallo podría permitir a un usuario local bloquear el sistema A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. In particular, the userspace controllable "data->block[0]" variable was not capped to a number between 0-255 and then used as the size of a memcpy, thus possibly writing beyond the end of dma_buffer. • https://github.com/torvalds/linux/commit/690b2549b19563ec5ad53e5c82f6a944d910086e https://access.redhat.com/security/cve/CVE-2022-3077 https://bugzilla.redhat.com/show_bug.cgi?id=2123309 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0

An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. Se ha detectado un problema en el kernel de Linux versiones hasta 5.19.8. El archivo drivers/firmware/efi/capsule-loader.c presenta una condición de carrera con un uso de memoria previamente liberada resultante • https://github.com/torvalds/linux/commit/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://www.debian.org/security/2022/dsa-5257 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •