CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2024-26581 – netfilter: nft_set_rbtree: skip end interval element from gc
https://notcve.org/view.php?id=CVE-2024-26581
20 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that are not yet active. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nft_set_rbtree: omitir elemento de intervalo final de gc rbtree lazy gc al insertar puede recopilar un elemento de intervalo final que se acaba... • https://github.com/madfxr/CVE-2024-26581-Checker • CWE-416: Use After Free •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52433 – netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
https://notcve.org/view.php?id=CVE-2023-52433
20 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction New elements in this transaction might expired before such transaction ends. Skip sync GC for such elements otherwise commit path might walk over an already released object. Once transaction is finished, async GC will collect such expired element. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nft_set_rbtree: omitir sincronización GC par... • https://git.kernel.org/stable/c/f6c383b8c31a93752a52697f8430a71dcbc46adf • CWE-273: Improper Check for Dropped Privileges •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52429
https://notcve.org/view.php?id=CVE-2023-52429
12 Feb 2024 — dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count. dm_table_create en drivers/md/dm-table.c en el kernel de Linux hasta 6.7.4 puede intentar (en alloc_targets) asignar más de INT_MAX bytes y fallar debido a que falta una verificación de la estructura dm_ioctl.target_count. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bd504bcfec41a503b32054da5472904b404341a4 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25739 – kernel: crash due to a missing check for leb_size
https://notcve.org/view.php?id=CVE-2024-25739
12 Feb 2024 — create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size. create_empty_lvol en drivers/mtd/ubi/vtbl.c en el kernel de Linux hasta 6.7.4 puede intentar asignar cero bytes y fallar debido a que falta una verificación de ubi->leb_size. A flaw was found in the Linux kernel. The create_empty_lvol function in the drivers/mtd/ubi/vtbl.c file can attempt to allocate zero bytes of memory when the LEB s... • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=68a24aba7c593eafa8fd00f2f76407b9b32b47a9 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25740
https://notcve.org/view.php?id=CVE-2024-25740
12 Feb 2024 — A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released. Se encontró una falla de pérdida de memoria en el controlador UBI en drivers/mtd/ubi/attach.c en el kernel de Linux hasta 6.7.4 para UBI_IOCATT, porque kobj->name no está publicado. • https://lore.kernel.org/lkml/0171b6cc-95ee-3538-913b-65a391a446b3%40huawei.com/T • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-1312 – Kernel: race condition leads to use after free during vma lock in lock_vma_under_rcu
https://notcve.org/view.php?id=CVE-2024-1312
08 Feb 2024 — A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system. Se encontró una falla de use-after-free en el subsistema de administración de memoria del kernel de Linux cuando un usuario gana dos carreras al mismo tiempo con una falla en la función mas_prev_slot. Este problema podría permitir que un usuario local bloquee el sistema. • https://access.redhat.com/security/cve/CVE-2024-1312 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-24864 – Race condition vulnerability in Linux kernel media/dvb-core in dvbdmx_write()
https://notcve.org/view.php?id=CVE-2024-24864
05 Feb 2024 — A race condition was found in the Linux kernel's media/dvb-core in dvbdmx_write() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. Se encontró una condición de ejecución en media/dvb-core del kernel de Linux en la función dvbdmx_write(). Esto puede provocar un problema de desreferencia de puntero nulo, lo que posiblemente provoque un pánico en el kernel o un problema de denegación de servicio. A race condition was found in the Linu... • https://bugzilla.openanolis.cn/show_bug.cgi?id=8178 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-24857 – Race condition vulnerability in Linux kernel bluetooth in conn_info_{min,max}_age_set()
https://notcve.org/view.php?id=CVE-2024-24857
05 Feb 2024 — A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service. Se encontró una condición de ejecución en el controlador de dispositivo net/bluetooth del kernel de Linux en la función conn_info_{min,max}_age_set(). Esto puede provocar un problema de desbordamiento de enteros, lo que posiblemente provoque una anomalía en la conexión Bl... • https://bugzilla.openanolis.cn/show_bug.cgi?id=8155 • CWE-190: Integer Overflow or Wraparound CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-24858 – Race condition vulnerability in Linux kernel net/bluetooth in {conn,adv}_{min,max}_interval_set()
https://notcve.org/view.php?id=CVE-2024-24858
05 Feb 2024 — A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service. Se encontró una condición de ejecución en la red/bluetooth del kernel de Linux en la función {conn,adv}_{min,max}_interval_set(). Esto puede provocar una conexión I2cap o un problema de anomalía en la transmisión, lo que posiblemente provoque una denegación de servicio. A race condition flaw ... • https://bugzilla.openanolis.cn/show_bug.cgi?id=8154 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-24859 – Race condition vulnerability in Linux kernel bluetooth sniff_{min,max}_interval_set()
https://notcve.org/view.php?id=CVE-2024-24859
05 Feb 2024 — A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service. Se encontró una condición de ejecución en la red/bluetooth del kernel de Linux en la función sniff_{min,max}_interval_set(). Esto puede provocar un problema de excepción de rastreo de Bluetooth, lo que posiblemente provoque una denegación de servicio. A race condition vulnerability was found in the Linux kernel... • https://bugzilla.openanolis.cn/show_bug.cgi?id=8153 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •