Page 367 of 2901 results (0.013 seconds)

CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0

An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. Se detectó un problema en el archivo fs/io_uring.c en el kernel de Linux versiones hasta 5.11.8. Permite a atacantes causar una denegación de servicio (deadlock) porque la salida puede estar esperando para estacionar un hilo SQPOLL, pero al mismo tiempo ese hilo SQPOLL está esperando una señal para comenzar, también se conoce como CID-3ebba796fa25 • https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3ebba796fa251d042be42b929a2d916ee5c34a49 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VCKIOXCOZGXBEZMO5LGGV5MWCHO6FT3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTRNPQTZ4GVS46SZ4OBXY5YDOGVPSTGQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG https://security.netapp.com/advisory/ntap-20210430-0003 • CWE-667: Improper Locking •

CVSS: 8.8EPSS: 0%CPEs: 26EXPL: 0

rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. La función rtw_wx_set_scan en el archivo drivers/staging/rtl8188eu/os_dep/ioctl_linux.c en el kernel de Linux versiones hasta 5.11.6, permite escribir más allá del final de la matriz -)ssid[]. NOTA: desde la perspectiva de las versiones de kernel.org, las ID de CVE no se usan normalmente para drivers/staging/* (trabajo sin terminar); sin embargo, los integradores de sistemas pueden tener situaciones en las que un problema de drivers/staging sea relevante para su propia base de clientes • http://www.openwall.com/lists/oss-security/2022/11/18/1 http://www.openwall.com/lists/oss-security/2022/11/21/2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74b6b20df8cfe90ada777d621b54c32e69e27cd7 https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJPVQZPY3DHPV5I3IVNMSMO6D3PKZISX https:/&#x • CWE-787: Out-of-bounds Write •

CVSS: 3.8EPSS: 0%CPEs: 5EXPL: 0

A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality. Se encontró un fallo en el kernel de Linux en versiones anteriores a 5.4.92 en el protocolo BPF. Este fallo permite a un atacante con una cuenta local filtrar información sobre las direcciones internas del kernel. • https://bugzilla.redhat.com/show_bug.cgi?id=1923636 https://access.redhat.com/security/cve/CVE-2021-20239 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-822: Untrusted Pointer Dereference •

CVSS: 6.4EPSS: 0%CPEs: 7EXPL: 0

A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed the impact changes greatly. In the default configuration root (or equivalent) permissions are required to attack this flaw. Se encontró una condición de carrera en la implementación del kernel de Linux del software manejador del controlador de la unidad de disquete. • https://bugzilla.redhat.com/show_bug.cgi?id=1932150 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a0c80efe5956ccce9fe7ae5c78542578c07bc20a • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 2

A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en el kernel de Linux en versiones anteriores a 5.10. Se encontró una violación del acceso a la memoria al detectar un relleno de int3 en el estado de enlace. • http://blog.pi3.com.pl/?p=831 https://bugzilla.redhat.com/show_bug.cgi?id=1928236 • CWE-94: Improper Control of Generation of Code ('Code Injection') •