Page 355 of 4218 results (0.015 seconds)

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://bugzilla.redhat.com/show_bug.cgi?id=2132640 https://github.com/torvalds/linux/commit/643a16a0eb1d6ac23744bb6e90a00fc21148a9dc https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://lore.kernel.org/all/20221019031445.901570-1-zyytlz.wz%40163.com https://security.netapp.com/advisory/ntap-20230406-0005 https://www.spinics.net/lists/kernel/msg4518970.html • CWE-416: Use After Free •

CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0

A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected. • https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://lore.kernel.org/all/20221018203258.2793282-1-edumazet%40google.com https://access.redhat.com/security/cve/CVE-2023-0590 https://bugzilla.redhat.com/show_bug.cgi?id=2165741 • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the system if vivid test code enabled. • https://bugzilla.redhat.com/show_bug.cgi?id=2166287 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound CWE-369: Divide By Zero CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 2

The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. • http://www.openwall.com/lists/oss-security/2023/02/02/1 http://www.openwall.com/lists/oss-security/2023/11/05/1 https://bugzilla.suse.com/show_bug.cgi?id=1207560 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=27d2a2fd844ec7da70d19fabb482304fd1e0595b https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=76ca8da989c7d97a7f76c75d475fe95a584439d7 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9fefb6201c4f8dd9f58c581b2a66e5cde2 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

There is a logic error in io_uring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or the previous linked requests identity to do operations instead of using the current identity. This can lead to reference counting issues causing use-after-free. We recommend upgrading past version 5.10.161. • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring?h=linux-5.10.y&id=788d0824269bef539fe31a785b1517882eafed93 https://github.com/gregkh/linux/commit/1e6fa5216a0e59ef02e8b6b40d553238a3b81d49 https://kernel.dance/#788d0824269bef539fe31a785b1517882eafed93 • CWE-416: Use After Free •