Page 36 of 291 results (0.018 seconds)

CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 1

In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file. En el kernel de Linux versiones hasta 5.16.10, determinados archivos binarios pueden tener el atributo exec-all si fueron construidos aproximadamente en 2003 (por ejemplo, con GCC versión 3.2.2 y el kernel de Linux versión 2.4.20). Esto puede causar una ejecución de bytes ubicados en regiones supuestamente no ejecutables de un archivo A vulnerability was found in the Linux kernel when certain binary files have the exec-all attribute with gcc. This issue can cause the execution of bytes located in the non-executable regions of a file. • https://github.com/torvalds/linux/blob/1c33bb0507508af24fd754dd7123bd8e997fab2f/arch/x86/include/asm/elf.h#L281-L294 https://github.com/x0reaxeax/exec-prot-bypass https://security.netapp.com/advisory/ntap-20220318-0005 https://access.redhat.com/security/cve/CVE-2022-25265 https://bugzilla.redhat.com/show_bug.cgi?id=2055499 • CWE-281: Improper Preservation of Permissions CWE-913: Improper Control of Dynamically-Managed Code Resources •

CVSS: 4.9EPSS: 0%CPEs: 16EXPL: 0

An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur. Se ha descubierto un problema en drivers/usb/gadget/composite.c en el kernel de Linux anterior a la versión 5.16.10. El subsistema USB Gadget carece de cierta validación de las solicitudes de descriptor del SO de la interfaz (las que tienen un índice de matriz grande y las asociadas a la recuperación de punteros de función NULL). • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10 https://github.com/szymonh/d-os-descriptor https://github.com/torvalds/linux/commit/75e5b4849b81e19e9efe1654b30d7f3151c33c2c https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCW2KZYJ2H6BKZE3CVLHRIXYDGNYYC5P https://security.netapp.com/advisory/ntap-20221028-0007 https:/ • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0

drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. el archivo drivers/usb/gadget/legacy/inode.c en el kernel de Linux versiones hasta 5.16.8 maneja inapropiadamente la liberación dev-) buf • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=89f3594d0de58e8a57d92d497dea9fee3d4b9cda https://github.com/torvalds/linux/commit/501e38a5531efbd77d5c73c0ba838a889bfc1d74 https://github.com/torvalds/linux/commit/89f3594d0de58e8a57d92d497dea9fee3d4b9cda https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SUVZA2YVOQJBJTDIDQ5HF5TAU2C6WP6H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject& • CWE-763: Release of Invalid Pointer or Reference •

CVSS: 7.4EPSS: 0%CPEs: 35EXPL: 0

A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Se encontró un fallo en el procesamiento de los errores ICMP recibidos (fragmento ICMP necesario y redireccionamiento ICMP) en la funcionalidad del kernel de Linux que permite la capacidad de escanear rápidamente los puertos UDP abiertos. Este fallo permite a un usuario remoto fuera de la ruta de acceso omitir efectivamente la aleatorización del puerto de origen UDP. • https://bugzilla.redhat.com/show_bug.cgi?id=2014230 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=4785305c05b25a242e5314cc821f54ade4c18810 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=6457378fe796815c973f631a1904e147d6ee33b1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6&id=67d6d681e15b578c1725bad8ad079e05d1c48a8e https://git.kernel.org/pub/scm/linux/ke • CWE-330: Use of Insufficiently Random Values •

CVSS: 7.9EPSS: 0%CPEs: 36EXPL: 1

A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se ha encontrado un fallo de uso de memoria previamente liberada en el subsistema Bluetooth del kernel de Linux en la forma en que las llamadas de usuario son conectadas al socket y son desconectadas simultáneamente debido a una condición de carrera. Este fallo permite a un usuario bloquear el sistema o escalar sus privilegios. • https://bugzilla.redhat.com/show_bug.cgi?id=1999544 https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://lore.kernel.org/lkml/20211115165435.133245729%40linuxfoundation.org https://security.netapp.com/advisory/ntap-20220318-0009 https://www.debian.org/security/2022/dsa-5096 https://www.openwall.com/lists/oss-security/2021/09/15/4 https://www.oracle.com/security-alerts/cpujul2022.html https:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •