Page 343 of 2786 results (0.020 seconds)

CVSS: 5.6EPSS: 0%CPEs: 8EXPL: 0

A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. Se encontró un fallo en el kernel de Linux en las versiones anteriores a 5.9-rc6. Cuando se cambia el tamaño de la pantalla, puede ocurrir una escritura de memoria fuera de límites conllevando a una corrupción de la memoria o una denegación de servicio.La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html https://bugzilla.redhat.com/show_bug.cgi?id=1876788 https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html • CWE-787: Out-of-bounds Write •

CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0

A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability. Se encontró un fallo en el kernel de Linux versiones anteriores a 5.9-rc4. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14385 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f4020438fab05364018c91f7e02ebdd192085933 https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://usn.ubuntu.com/4576-1 https://access.redhat.com/security/cve/CVE-2020-14385 https://bugzilla.redhat.com/show_bug.cgi?id=1874800 • CWE-131: Incorrect Calculation of Buffer Size •

CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 1

A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en la implementación del kernel de Linux del código de video invertido en consolas VGA cuando un atacante local intenta cambiar el tamaño de la consola, llamando un ioctl VT_RESIZE, lo que causa una escritura fuera de límites. Este fallo permite a un usuario local con acceso a la consola VGA bloquear el sistema, escalando potencialmente sus privilegios en el sistema. • https://bugzilla.redhat.com/show_bug.cgi?id=1858679 https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://lists.openwall.net/linux-kernel/2020/07/29/234 https://www.openwall.com/lists/oss-security/2020/07/28/2 https://access.redhat.com/security/cve/CVE-2020-14331 • CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. Se encontró un fallo de lectura de memoria fuera de límites en el kernel de Linux versiones anteriores a 5.9-rc2, con el sistema de archivos ext3/ext4, en la manera en que accede a un directorio con indexación rota. Este fallo permite a un usuario local bloquear el sistema si el directorio existe. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14314 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5872331b3d91820e14716632ebb56b1399b34fe1 https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://lore.kernel.org/linux-ext4/f53e246b-647c-64bb-16ec-135383c70ad7%40redhat.com/T/#u https://usn.ubuntu. • CWE-125: Out-of-bounds Read •

CVSS: 4.1EPSS: 0%CPEs: 4EXPL: 0

The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. El controlador de dispositivo del bloque rbd en el archivo drivers/block/rbd.c en el kernel de Linux versiones hasta 5.8.9, usaba una comprobación incompleta de permisos para acceder a dispositivos rbd, que podrían ser aprovechados por atacantes locales para asignar o desasignar dispositivos de bloque rbd, también se conoce como CID-f44d04e696fe A flaw was found in the capabilities check of the rados block device functionality in the Linux kernel. Incorrect capability checks could alllow a local user with root priviledges (but no capabilities) to add or remove Rados Block Devices from the system. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00021.html https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f44d04e696feaf13d192d942c4f14ad2e117065a https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html https://lists.debian.org/debian-lts-announce/2020/10/msg00032.html https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html https://twitter.com/grsecurity/ • CWE-732: Incorrect Permission Assignment for Critical Resource CWE-863: Incorrect Authorization •