CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-22705 – Ubuntu Security Notice USN-6639-1
https://notcve.org/view.php?id=CVE-2024-22705
23 Jan 2024 — An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled. Se descubrió un problema en ksmbd en el kernel de Linux anterior a 6.6.10. smb2_get_data_area_len en fs/smb/server/smb2misc.c puede causar un acceso fuera de los límites smb_strndup_from_utf16 porque la relación entre los datos de Nombre y los datos de C... • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.10 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23848 – kernel: use-after-free in cec_queue_msg_fh
https://notcve.org/view.php?id=CVE-2024-23848
23 Jan 2024 — In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. En el kernel de Linux hasta 6.7.1, hay un use-after-free en cec_queue_msg_fh, relacionado con drivers/media/cec/core/cec-adap.c y drivers/media/cec/core/cec-api.c. A vulnerability was found in the Linux kernel. A use-after-free exists in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. Ziming Z... • https://lore.kernel.org/lkml/e9f42704-2f99-4f2c-ade5-f952e5fd53e5%40xs4all.nl • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23849 – Ubuntu Security Notice USN-6819-2
https://notcve.org/view.php?id=CVE-2024-23849
23 Jan 2024 — In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access. En rds_recv_track_latency en net/rds/af_rds.c en el kernel de Linux hasta 6.7.1, hay un error uno por uno para una comparación RDS_MSG_RX_DGRAM_TRACE_MAX, lo que resulta en un acceso fuera de los límites. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, le... • https://bugzilla.suse.com/show_bug.cgi?id=1219127 • CWE-193: Off-by-one Error •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23851 – Ubuntu Security Notice USN-6726-1
https://notcve.org/view.php?id=CVE-2024-23851
23 Jan 2024 — copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl. copy_params en drivers/md/dm-ioctl.c en el kernel de Linux hasta 6.7.1 puede intentar asignar más de INT_MAX bytes y fallar debido a que falta una verificación de param_kernel->data_size. Esto está relacionado con ctl_ioctl. Pratyush Yadav discovered that the Xen network backend implementation i... • https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23850 – Ubuntu Security Notice USN-6724-1
https://notcve.org/view.php?id=CVE-2024-23850
23 Jan 2024 — In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation. En btrfs_get_root_ref en fs/btrfs/disk-io.c en el kernel de Linux hasta 6.7.1, puede haber una falla de aserción y un bloqueo porque un subvolumen se puede leer demasiado pronto después de que se inserta su elemento raíz durante la creación del subvolumen. Chih-Yen Chang discovered that... • https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html • CWE-617: Reachable Assertion •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2024-0607 – Kernel: nf_tables: pointer math issue in nft_byteorder_eval()
https://notcve.org/view.php?id=CVE-2024-0607
18 Jan 2024 — A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality. • https://access.redhat.com/security/cve/CVE-2024-0607 • CWE-229: Improper Handling of Values •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-0641 – Kernel: deadlock leading to denial of service in tipc_crypto_key_revoke
https://notcve.org/view.php?id=CVE-2024-0641
17 Jan 2024 — A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system. Se encontró una vulnerabilidad de denegación de servicio en tipc_crypto_key_revoke en net/tipc/crypto.c en el subsistema TIPC del kernel de Linux. Este fallo permite a los invitados con privilegios de usuario local desencadenar un punto muerto y potencialmente bloquear el sis... • https://access.redhat.com/security/cve/CVE-2024-0641 • CWE-667: Improper Locking CWE-833: Deadlock •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 6CVE-2024-0582 – Kernel: io_uring: page use-after-free vulnerability via buffer ring mmap
https://notcve.org/view.php?id=CVE-2024-0582
16 Jan 2024 — A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system. Se encontró un fallo de pérdida de memoria en la funcionalidad io_uring del kernel de Linux en cómo un usuario registra un anillo de búfer con IORING_REGISTER_PBUF_RING, mmap() y luego lo libera. este fallo permite que un usuario local falle o... • https://github.com/ysanatomic/io_uring_LPE-CVE-2024-0582 • CWE-416: Use After Free •
CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 0CVE-2024-0565 – Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client
https://notcve.org/view.php?id=CVE-2024-0565
15 Jan 2024 — An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service. Se encontró un fallo de lectura de memoria fuera de los límites en receive_encrypted_standard en fs/smb/client/smb2ops.c en el subcomponente SMB Client en el kernel de Linux. Este problema se produce debido a un desbordamiento insuficiente de enteros en la long... • https://access.redhat.com/errata/RHSA-2024:1188 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6915 – Kernel: null pointer dereference vulnerability in ida_free in lib/idr.c
https://notcve.org/view.php?id=CVE-2023-6915
15 Jan 2024 — A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return. Se encontró un problema de desreferencia de puntero null en ida_free en lib/idr.c en el kernel de Linux. Este problema puede permitir que un atacante que utilice esta librería cause un problema de denegación de servicio debido a una verificación faltante en el retorno de una función. We... • https://access.redhat.com/errata/RHSA-2024:2394 • CWE-476: NULL Pointer Dereference •