Page 32 of 238 results (0.013 seconds)

CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0

Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer. Un uso de memoria previamente liberada desencadenado por el usuario en Linux xen-netback. Un frontend de red PV malicioso o con errores puede forzar a Linux netback a deshabilitar la interfaz y terminar el hilo del kernel de recepción asociado a la cola 0 en respuesta al envío de un paquete malformado por parte del frontend. Esta terminación del hilo del kernel conllevará un uso de memoria previamente liberada en Linux netback cuando es destruído el backend, ya que el hilo del kernel asociado a la cola 0 ya habrá salido y, por tanto, la llamada a la función kthread_stop se llevará a cabo contra un puntero obsoleto • https://security.gentoo.org/glsa/202107-30 https://security.netapp.com/advisory/ntap-20210805-0002 https://xenbits.xenproject.org/xsa/advisory-374.txt • CWE-416: Use After Free •

CVSS: 5.9EPSS: 0%CPEs: 18EXPL: 1

The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. El subsistema vgacon en el kernel de Linux versiones anteriores a 5.8.10, maneja inapropiadamente el desplazamiento de software. Se presenta una lectura fuera de límites en la función vgacon_scrolldelta, también se conoce como CID-973c096f6a85 • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.10 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=973c096f6a85e5b5f2a295126ba6928d9a6afd45 https://github.com/torvalds/linux/commit/973c096f6a85e5b5f2a295126ba6928d9a6afd45 https://seclists.org/oss-sec/2020/q3/176 https://security.netapp.com/advisory/ntap-20210805-0001 • CWE-125: Out-of-bounds Read •

CVSS: 7.0EPSS: 0%CPEs: 68EXPL: 1

.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. Se ha encontrado un fallo en el protocolo de red CAN BCM en el kernel de Linux, donde un atacante local puede abusar de un fallo en el subsistema CAN para corromper la memoria, bloquear el sistema o escalar privilegios. Esta condición de carrera en el archivo net/can/bcm.c en el kernel de Linux permite una escalada de privilegios local a root A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. • https://bugzilla.redhat.com/show_bug.cgi?id=1971651 https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md https://github.com/torvalds/linux/commit/d5f9023fa61ee8b94f37a93f08e94b136cf1e463 https://security.netapp.com/advisory/ntap-20220419-0004 https://www.openwall.com/lists/oss-security/2021/06/19/1 https://access.redhat.com/security/cve/CVE-2021-3609 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. Se ha encontrado un fallo en libxml2. Es posible un ataque de expansión exponencial de entidades omitiendo todos los mecanismos de protección existentes y conllevando a una denegación de servicio • https://bugzilla.redhat.com/show_bug.cgi?id=1950515 https://security.netapp.com/advisory/ntap-20210805-0007 https://www.oracle.com/security-alerts/cpujan2022.html https://access.redhat.com/security/cve/CVE-2021-3541 • CWE-400: Uncontrolled Resource Consumption CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •

CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 2

An issue was discovered in the Linux kernel before 4.14.16. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off, aka CID-a0ff660058b8. Se ha detectado un problema en el kernel de Linux versiones anteriores a 4.14.16. Se presenta un uso de la memoria previamente liberada en el archivo net/sctp/socket.c para un bloqueo retenido después de un despegue, también se conoce como CID-a0ff660058b8 • https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.16 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a0ff660058b88d12625a783ce9e5c1371c87951f https://security.netapp.com/advisory/ntap-20210720-0002 https://sites.google.com/view/syzscope/warning-held-lock-freed https://syzkaller.appspot.com/bug?id=a8d38d1b68ffc744c53bd9b9fc1dbd6c86b1afe2 • CWE-416: Use After Free •