Page 28 of 226 results (0.015 seconds)

CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0

prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. prealloc_elems_and_freelist en kernel/bpf/stackmap.c en el kernel de Linux antes de la versión 5.14.12 permite a usuarios sin privilegios desencadenar un desbordamiento de enteros en la multiplicación de eBPF con una escritura fuera de los límites resultante. An out-of-bounds (OOB) memory write flaw was found in prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the bpf in the Linux kernel. In this flaw, the multiplication to calculate the size could lead to an integer overflow which could allow a local attacker, with a special user privilege, to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.12 https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=30e29a9a2bc6a4888335a6ede968b75cd329657a https://github.com/torvalds/linux/commit/30e29a9a2bc6a4888335a6ede968b75cd329657a https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7BLLVKYAIETEORUPTFO3TR3C33ZPFXQM http • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 7.1EPSS: 0%CPEs: 29EXPL: 2

An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. Se ha encontrado un defecto de lectura de memoria fuera de límites (OOB) en el protocolo de router Qualcomm IPC en el kernel de Linux. Una falta de comprobación de saneo permite a un atacante local conseguir acceso de memoria fuera de límites, conllevando a un bloqueo del sistema o un filtrado de información interna del kernel. • https://bugzilla.redhat.com/show_bug.cgi?id=1997961 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e78c597c3eb https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7e78c597c3ebfd0cb329aa09a838734147e4f117 https://github.com/torvalds/linux/commit/7e78c597c3ebfd0cb329aa09a838734147e4f117 https://lists.openwall.net/netdev/2021/08/17/124 https://security.netapp.com/advisory/ntap-20220407-0007 https://www.openwall.com/lists/oss-security/2021/08/27 • CWE-125: Out-of-bounds Read •

CVSS: 4.7EPSS: 0%CPEs: 19EXPL: 1

A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality. Se observó un problema de carrera en el la función vt_k_ioctl en el archivo drivers/tty/vt/vt_ioctl.c en el kernel de Linux, que puede causar una lectura fuera de límites en vt ya que el acceso de escritura a vc_mode no está protegido por el bloqueo de vt_ioctl (KDSETMDE). La mayor amenaza de esta vulnerabilidad es para la confidencialidad de los datos • https://bugzilla.redhat.com/show_bug.cgi?id=1999589 https://github.com/torvalds/linux/commit/2287a51ba822384834dafc1c798453375d1107c7 https://security.netapp.com/advisory/ntap-20221028-0003 https://www.openwall.com/lists/oss-security/2021/09/01/4 https://access.redhat.com/security/cve/CVE-2021-3753 • CWE-125: Out-of-bounds Read CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 1

A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo de desreferencia de puntero NULL en la función btrfs_rm_device en el archivo fs/btrfs/volumes.c en el Kernel de Linux, donde el desencadenamiento del bug requiere "CAP_SYS_ADMIN". Este fallo permite a un atacante local bloquear el sistema o filtrar información interna del kernel. • https://bugzilla.redhat.com/show_bug.cgi?id=1997958 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091 https://github.com/torvalds/linux/commit/e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091 https://security.netapp.com/advisory/ntap-20220407-0006 https://ubuntu.com/security/CVE-2021-3739 https://www.openwall.com/lists/oss-security/2021/08/25/3 • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 1

arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture. arch/mips/net/bpf_jit.c en el kernel de Linux anterior a la versión 5.4.10 puede generar código máquina no deseado al transformar programas cBPF sin privilegios, permitiendo la ejecución de código arbitrario dentro del contexto del kernel. Esto ocurre porque las ramas condicionales pueden superar el límite de 128 KB de la arquitectura MIPS • http://www.openwall.com/lists/oss-security/2021/09/15/5 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.10 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=37cb28ec7d3a36a5bace7063a3dba633ab110f8b https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://security.netapp.com/advisory/ntap-20211008-0003 https://www.debian.org/security/2022/dsa-5096 •